CVE-2021-32828

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nuxeo Platform version 11.5.109

Description The Nuxeo Platform is an open source content management platform for building business applications. In the affected version, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS), which can be escalated to Remote Code Execution (RCE) by leveraging the automation API.

Recommendations For version 11.5.109, consider disabling the oauth2 REST API until a patch is available to prevent exploitation. Restrict access to the automation API to minimize the risk of Remote Code Execution (RCE).

Exploit

Fix

Deserialization of Untrusted Data

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502CWE-79

Related Identifiers

CVE-2021-32828

GHSA-X347-FC9W-W7C3

Affected Products

Nuxeo Platform

CVE-2021-32828

Weakness Enumeration

Related Identifiers

Affected Products

References · 7