← voltar
CVE-2021-33611

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

CVSS 6.1 MEDIUMEPSS 1.0%CWE-79
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Produtos afetados
Vaadin · VaadinVaadin · vaadin-menu-bar

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/vaadin/vaadin-menu-bar/pull/126https://vaadin.com/security/cve-2021-33611