PT-2021-23078 · Jsuites · Jsuites

Bananabr +2 · Published 2021-09-21 · Updated 2021-09-29 · CVE-2021-41086

CVSS v3.1: 8.7 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: jsuites versions prior to 4.9.11
Description: The issue allows cross-site scripting (XSS) via clipboard content. If a user can be tricked into copying malicious content (for example from a web page the attacker controls) and pasting it into the HTML editor, part of the clipboard content is written directly to innerHTML without sanitization, so any markup it carries, including event-handler attributes, is parsed into the live page. This enables JavaScript injection in the context of the application that embeds the editor.
Recommendations: Update to version 4.9.11 or later, which resolves the issue. As a temporary workaround, restrict use of the HTML editor until the update is applied, and avoid pasting content from untrusted sources into it.
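The following is an added example, not jsuites code and not taken from the advisory: a Node-runnable model of the sink described above (the clipboard's text/html flavour assigned to innerHTML) next to a hardened handler that inserts the text/plain flavour as escaped text. The attacker's copy handler, the clipboard stand-in, the editor objects and the `<img onerror>` payload are all constructed for the example; `setData`, `getData` and `preventDefault` are the real ClipboardEvent APIs a browser exposes. The hardened variant deliberately drops rich formatting; an editor that must keep it would instead pass the HTML through an allowlist sanitizer such as DOMPurify before assignment.

```javascript
// Added example, not jsuites code: models the clipboard-to-innerHTML path
// described in the advisory. DOM objects are replaced with minimal stand-ins
// so the logic runs offline under Node; in a browser the same functions would
// be wired to 'copy' and 'paste' listeners.

// Stand-in for the DataTransfer object a ClipboardEvent carries (constructed).
function makeClipboardEvent() {
  const flavours = new Map();
  return {
    clipboardData: {
      setData: (type, data) => flavours.set(type, data),
      getData: (type) => flavours.get(type) || '',
    },
    preventDefault() {},
  };
}

// Attacker side: a 'copy' handler on a page the attacker controls may write any
// flavour it likes. The visible text looks harmless; the text/html flavour carries
// an event-handler attribute that fires as soon as it is parsed into a live DOM.
// (setData / preventDefault are the real ClipboardEvent APIs; the payload is constructed.)
function attackerCopyHandler(event) {
  event.clipboardData.setData('text/plain', 'Quarterly numbers <script>alert(1)</script>');
  event.clipboardData.setData('text/html',
    '<b>Quarterly numbers</b><img src=x onerror="alert(document.domain)">');
  event.preventDefault(); // stop the browser replacing this with the real selection
}

// Vulnerable pattern: the text/html flavour is assigned to innerHTML unchanged.
function vulnerablePaste(event, editor) {
  editor.innerHTML = event.clipboardData.getData('text/html'); // XSS sink
}

// Hardened pattern: take the text/plain flavour, escape it, and only then
// build markup. Rich formatting is lost, but no attacker-controlled tag or
// attribute ever reaches the parser. A rich-text editor that must keep
// formatting would instead run the HTML through an allowlist sanitizer.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function hardenedPaste(event, editor) {
  const text = event.clipboardData.getData('text/plain');
  editor.innerHTML = escapeHtml(text).replace(/\r?\n/g, '<br>');
}

// Runs the copy/paste exchange against both handlers and returns what each
// editor would end up parsing.
function simulatePaste() {
  const event = makeClipboardEvent();
  attackerCopyHandler(event);
  const vulnerableEditor = { innerHTML: '' };
  const hardenedEditor = { innerHTML: '' };
  vulnerablePaste(event, vulnerableEditor);
  hardenedPaste(event, hardenedEditor);
  return { vulnerable: vulnerableEditor.innerHTML, hardened: hardenedEditor.innerHTML };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(simulatePaste());
}
```

Running it shows the vulnerable editor holding the `onerror` handler verbatim while the hardened editor holds only escaped text. The point for triage is that the user never sees the text/html flavour: the visible clipboard text is benign, so "do not paste untrusted content" is a weak mitigation and the code-level fix is the one to rely on.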

Tags: Fix · XSS


Weakness Enumeration

Related Identifiers

CVE-2021-41086
GHSA-QH7X-J4V8-QW5W

Affected Products

Jsuites