OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-05T15:59:00
Updated: 2024-08-04T01:37:14.870Z
Reserved: 2021-08-05T00:00:00
Link: CVE-2021-38138
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-05T16:15:07.317
Modified: 2022-09-28T17:19:39.460
Link: CVE-2021-38138
Redhat
No data.