← Volver a CVEs
CVE-2021-39169
HIGH8.0
Descripcion
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.
Detalles CVE
Puntuacion CVSS v3.18.0
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioREQUIRED
Publicado8/27/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
misskey:misskey
Debilidades (CWE)
CWE-79
Referencias
https://github.com/misskey-dev/misskey/commit/ec203f7f795766f76b55fecc9248168c1cdf6c99(security-advisories@github.com)
https://github.com/misskey-dev/misskey/security/advisories/GHSA-pmmv-jwqh-f5ww(security-advisories@github.com)
https://github.com/misskey-dev/misskey/commit/ec203f7f795766f76b55fecc9248168c1cdf6c99(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/misskey-dev/misskey/security/advisories/GHSA-pmmv-jwqh-f5ww(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.