PT-2022-12935 · Syncro Soft · Oxygen Xml Webhelp
Published 2022-07-13 · Updated 2022-07-20 · CVE-2021-46827
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Oxygen XML WebHelp versions prior to 22.1 build 2021082006
Oxygen XML WebHelp versions 23.x prior to 23.1 build 2021090310
Description
An issue in Oxygen XML WebHelp allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field, due to an XSS vulnerability in search terms proposals. This affects online documentation generated using Oxygen XML WebHelp.
Recommendations
For Oxygen XML WebHelp versions prior to 22.1 build 2021082006, update to version 22.1 build 2021082006 or later.
For Oxygen XML WebHelp versions 23.x prior to 23.1 build 2021090310, update to version 23.1 build 2021090310 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Oxygen Xml Webhelp