Countly, a product analytics solution, is vulnerable to cross-site scripting in the community edition prior to version 21.11. The victim must follow a malicious link or be redirected to it from a malicious website. The attacker must have an account or be able to create one. This issue is patched in version 21.11.
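The advisory references a server-rendered template (reset.html) and the Express route in app.js that serves it, which is the classic shape of a reflected XSS: a request parameter is written into the page without HTML encoding. The following is an added illustration of that bug class and its fix, not Countly's code; the route, the parameter name `message`, the template fragment and the sample link are all assumptions made for the example.

```javascript
// Added example (not Countly's code): a reflected XSS of the kind described
// above, and the encoding that closes it. Route, parameter name, template
// fragment and sample URL are assumptions for illustration only.

// Minimal HTML-entity encoder for text that lands in element content or in a
// double-quoted attribute value.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern: a query parameter carried on the password-reset link is
// spliced straight into the rendered page, so markup in it is interpreted.
function renderResetUnsafe(params) {
  const message = params.message || '';
  return `<div class="reset-message">${message}</div>`;
}

// Hardened pattern: the untrusted value is encoded for the HTML context it is
// placed in, so the same input is displayed as text rather than executed.
function renderResetSafe(params) {
  const message = escapeHtml(params.message || '');
  return `<div class="reset-message">${message}</div>`;
}

// Extract the query parameters from a link the victim might follow; this
// stands in for what an Express handler reads from req.query.
function paramsFromUrl(url) {
  const u = new URL(url);
  const out = {};
  for (const [k, v] of u.searchParams) out[k] = v;
  return out;
}

// Constructed sample link of the kind an attacker with an account would send
// to a victim (hostname is a placeholder).
const SAMPLE_LINK =
  'https://analytics.example/reset?message=' +
  encodeURIComponent('<img src=x onerror="alert(document.cookie)">');

// Quick check used to compare both renderings: does a real <img> tag survive?
function containsRawTag(html) {
  return /<img\b/i.test(html);
}

// Render the constructed link both ways and report whether the payload
// survived as markup; useful as a regression check for the escaping.
function demo(link = SAMPLE_LINK) {
  const params = paramsFromUrl(link);
  const unsafe = renderResetUnsafe(params);
  const safe = renderResetSafe(params);
  return {
    unsafe,
    safe,
    unsafeExecutes: containsRawTag(unsafe),
    safeExecutes: containsRawTag(safe),
  };
}
```

Calling `demo()` returns both renderings: in the unsafe one the injected `<img ... onerror=...>` is intact and would run in the victim's browser, while in the safe one it appears as `&lt;img ...&gt;` and is merely displayed. Context-aware output encoding (or a template engine that escapes by default) is the fix; validating that the parameter "looks like a message" is not sufficient.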
References
| Link | Resource |
|---|---|
| https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/app.js#L1112 | Third Party Advisory |
| https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/views/reset.html#L95 | Third Party Advisory |
| https://github.com/Countly/countly-server/releases/tag/v21.11 | Release Notes |
| https://securitylab.github.com/advisories/GHSL-2021-104-countly-server/ | Exploit, Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-02-20T00:00:00
Updated: 2023-02-20T00:00:00
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32852
NVD Information
Status: Analyzed
Published: 2023-02-20T22:15:11.160
Modified: 2023-03-06T04:35:57.473
Link: CVE-2021-32852
Redhat Information
No data.
CWE