CVE-2021-46827

EPSS 0.67%
Veröffentlicht 13.07.2022 05:15:07
Zuletzt bearbeitet 21.11.2024 06:34:46
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Sync ≫ Oxygen Publishing Engine Version < 22.1

Sync ≫ Oxygen Publishing Engine Version22.1 Update2020061014

Sync ≫ Oxygen Publishing Engine Version22.1 Update2020072823

Sync ≫ Oxygen Publishing Engine Version22.1 Update2020100801

Sync ≫ Oxygen Publishing Engine Version22.1 Update2020121711

Sync ≫ Oxygen Publishing Engine Version23.1 Update2021040717

Sync ≫ Oxygen Publishing Engine Version23.1 Update2021060401

Sync ≫ Oxygen Xml Author Version < 22.1

Sync ≫ Oxygen Xml Author Version22.1 Update2020061102

Sync ≫ Oxygen Xml Author Version22.1 Update2020072902

Sync ≫ Oxygen Xml Author Version22.1 Update2020100710

Sync ≫ Oxygen Xml Author Version22.1 Update2020121713

Sync ≫ Oxygen Xml Author Version23.1 Update2021030206

Sync ≫ Oxygen Xml Author Version23.1 Update2021040908

Sync ≫ Oxygen Xml Author Version23.1 Update2021061407

Sync ≫ Oxygen Xml Developer Version < 22.1

Sync ≫ Oxygen Xml Developer Version22.1 Update2020061102

Sync ≫ Oxygen Xml Developer Version22.1 Update2020072902

Sync ≫ Oxygen Xml Developer Version22.1 Update2020100710

Sync ≫ Oxygen Xml Developer Version22.1 Update2020121713

Sync ≫ Oxygen Xml Developer Version23.1 Update2021030206

Sync ≫ Oxygen Xml Developer Version23.1 Update2021040908

Sync ≫ Oxygen Xml Developer Version23.1 Update2021061407

Sync ≫ Oxygen Xml Editor Version < 22.1

Sync ≫ Oxygen Xml Editor Version22.1 Update2020061102

Sync ≫ Oxygen Xml Editor Version22.1 Update2020072902

Sync ≫ Oxygen Xml Editor Version22.1 Update2020100710

Sync ≫ Oxygen Xml Editor Version22.1 Update2020121713

Sync ≫ Oxygen Xml Editor Version23.1 Update2021030206

Sync ≫ Oxygen Xml Editor Version23.1 Update2021040908

Sync ≫ Oxygen Xml Editor Version23.1 Update2021061407

Sync ≫ Oxygen Xml Webhelp Version < 22.1

Sync ≫ Oxygen Xml Webhelp Version22.1 Update2020061014

Sync ≫ Oxygen Xml Webhelp Version22.1 Update2020072412

Sync ≫ Oxygen Xml Webhelp Version22.1 Update2020100208

Sync ≫ Oxygen Xml Webhelp Version22.1 Update2020121713

Sync ≫ Oxygen Xml Webhelp Version23.1 Update2021030210

Sync ≫ Oxygen Xml Webhelp Version23.1 Update2021040711

Sync ≫ Oxygen Xml Webhelp Version23.1 Update2021060306

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.67%	0.71

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-46827

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-46827

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-46827

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2021-46827