Vulnerability Details CVE-2021-29271
remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2021-29271
-
cpe:2.3:a:remark42:remark42:-
-
cpe:2.3:a:remark42:remark42:1.0.0
-
cpe:2.3:a:remark42:remark42:1.1.0
-
cpe:2.3:a:remark42:remark42:1.2.0
-
cpe:2.3:a:remark42:remark42:1.2.1
-
cpe:2.3:a:remark42:remark42:1.3.0
-
cpe:2.3:a:remark42:remark42:1.3.1
-
cpe:2.3:a:remark42:remark42:1.3.2
-
cpe:2.3:a:remark42:remark42:1.4.0
-
cpe:2.3:a:remark42:remark42:1.5.0
-
cpe:2.3:a:remark42:remark42:1.6.0