Vulnerability Details CVE-2021-32858
esdoc-publish-html-plugin is a plugin for the document maintenance software ESDoc. TheHTML sanitizer in esdoc-publish-html-plugin 1.1.2 and prior can be bypassed which may lead to cross-site scripting (XSS) issues. There are no known patches for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.1%
CVSS Severity
CVSS v3 Score 6.1
References
- https://github.com/esdoc/esdoc-plugins/blob/2de5022baa569785a189056a99acd1d7ca8284b7/esdoc-publish-html-plugin/src/Builder/util.js#L80
- https://securitylab.github.com/advisories/GHSL-2021-1034_esdoc-publish-html-plugin/
- https://github.com/esdoc/esdoc-plugins/blob/2de5022baa569785a189056a99acd1d7ca8284b7/esdoc-publish-html-plugin/src/Builder/util.js#L80
- https://securitylab.github.com/advisories/GHSL-2021-1034_esdoc-publish-html-plugin/
Products affected by CVE-2021-32858
-
cpe:2.3:a:esdoc:esdoc-publish-html-plugin:-
-
cpe:2.3:a:esdoc:esdoc-publish-html-plugin:1.0.0
-
cpe:2.3:a:esdoc:esdoc-publish-html-plugin:1.1.0
-
cpe:2.3:a:esdoc:esdoc-publish-html-plugin:1.1.1
-
cpe:2.3:a:esdoc:esdoc-publish-html-plugin:1.1.2