remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
References
| Link | Resource |
|---|---|
| https://github.com/umputun/remark42/compare/v1.6.0...v1.6.1 | Patch, Third Party Advisory |
| https://vuln.ryotak.me/advisories/19 | Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-03-27T17:57:06
Updated: 2021-04-05T05:40:49
Reserved: 2021-03-27T00:00:00
Link: CVE-2021-29271
NVD Information
Status: Analyzed
Published: 2021-03-27T18:15:13.457
Modified: 2021-06-04T19:08:19.087
Link: CVE-2021-29271