Vulnerability Details CVE-2021-23824
This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability.
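Why escaping the usual HTML metacharacters does not contain a value placed in an unquoted attribute, shown as an added example that is not Crow's code and not part of the original advisory. The helpers `escape_html`, `count_attributes`, `render_unquoted` and `render_quoted`, the `<img>` template and the sample value are all assumptions constructed for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical escaper (not Crow's): entity-encodes & < > " ' only.
// Whitespace and '=' pass through unchanged, which is what matters below.
std::string escape_html(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// Simplified start-tag scan: whitespace separates attributes unless it sits
// inside a quoted value (a quote only opens a value directly after '=').
std::size_t count_attributes(const std::string& tag) {
    std::size_t tokens = 0;
    char quote = 0, prev = 0;   // quote: active quote char, 0 when outside
    bool in_token = false;
    for (char c : tag) {
        if (quote) { if (c == quote) quote = 0; }
        else if ((c == '"' || c == '\'') && prev == '=') quote = c;
        else if (c == '>') break;
        else if (std::isspace(static_cast<unsigned char>(c))) in_token = false;
        else if (c != '<' && !in_token) { in_token = true; ++tokens; }
        prev = c;
    }
    return tokens ? tokens - 1 : 0;   // first token is the tag name
}

// Same template twice: attribute value unquoted (affected pattern) and quoted.
std::string render_unquoted(const std::string& v) { return "<img class=" + escape_html(v) + " src=\"/a.png\">"; }
std::string render_quoted(const std::string& v) { return "<img class=\"" + escape_html(v) + "\" src=\"/a.png\">"; }

int main() {
    const std::string v = "thumb data-injected=1";   // constructed sample value
    std::cout << render_unquoted(v) << " -> " << count_attributes(render_unquoted(v)) << " attributes\n";
    std::cout << render_quoted(v) << " -> " << count_attributes(render_quoted(v)) << " attributes\n";
}
```

The unquoted rendering gains an attribute the template author never wrote, while the quoted rendering keeps the whole value inside `class`.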
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.0%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
Products affected by CVE-2021-23824
- cpe:2.3:a:crowcpp:crow:0.1
- cpe:2.3:a:crowcpp:crow:0.2
- cpe:2.3:a:crowcpp:crow:0.3
- cpe:2.3:a:crowcpp:crow:0.3+1
- cpe:2.3:a:crowcpp:crow:0.3+2
- cpe:2.3:a:crowcpp:crow:0.3+3