CVE-2021-4296

Name
CVE-2021-4296
Description
A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://vuldb.com/?id.217019
MISC https://github.com/w3c/Unicorn/pull/212
MISC https://vuldb.com/?ctiid.217019
MISC https://github.com/w3c/Unicorn/commit/51f75c31f7fc33859a9a571311c67ae4e95d9c68

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:w3:unicorn:*:*:*:*:*:*:*:* unicorn >= None < 2021-06-03

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
unicorn edge-community 2.1.4-r1 Patrycja Rosa <alpine@ptrcnull.me> possibly vulnerable