CVE-2021-29271

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.
Configurations

Configuration 1 (hide)

cpe:2.3:a:remark42:remark42:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-03-27 18:15

Updated : 2024-11-21 06:00


NVD link : CVE-2021-29271

Mitre link : CVE-2021-29271

CVE.ORG link : CVE-2021-29271


JSON object : View

Products Affected

remark42

  • remark42
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')