← Volver a CVEs
CVE-2021-32852
MEDIUM5.4
Descripcion
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado2/20/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
count:countly_server
Debilidades (CWE)
CWE-79CWE-79
Referencias
https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/app.js#L1112(security-advisories@github.com)
https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/views/reset.html#L95(security-advisories@github.com)
https://github.com/Countly/countly-server/releases/tag/v21.11(security-advisories@github.com)
https://securitylab.github.com/advisories/GHSL-2021-104-countly-server/(security-advisories@github.com)
https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/app.js#L1112(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/views/reset.html#L95(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/Countly/countly-server/releases/tag/v21.11(af854a3a-2127-422b-91ae-364da2661108)
https://securitylab.github.com/advisories/GHSL-2021-104-countly-server/(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.