CNVD-2022-21816 (China National Vulnerability Database)
History: Mar 15, 2022 - 12:00 a.m.

Nacos Cross-Site Scripting Vulnerability

Source: China National Vulnerability Database (www.cnvd.org.cn)
Tags: nacos, cross-site scripting, vulnerability, data validation, filtering, user-supplied, output data, pagesize, pageno, javascript code, client side, cnvd

EPSS: 0.001 (percentile: 34.0%)

Nacos is a dynamic service discovery, configuration and service management platform from Alibaba (China). It supports DNS-based and RPC-based service discovery, and provides features such as real-time health checks and preventing requests from being sent to unhealthy hosts or service instances. A cross-site scripting vulnerability exists in Nacos version 2.0.3. It stems from missing validation and filtering of user-supplied data and of output data in the pageSize and pageNo parameters. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
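The two controls the description names, input validation and output encoding, applied to pagination parameters in an added example (not Nacos code and not part of the CNVD record). The class name, the helper names and the upper bounds are assumptions, and the sample requests are constructed.

```java
public class PaginationParams {
    // Assumed upper bounds for illustration; not taken from Nacos.
    static final int MAX_PAGE_NO = 100_000;
    static final int MAX_PAGE_SIZE = 500;

    // Accept only 1..max written as plain ASCII digits. The error text never echoes the raw value.
    static int parseBounded(String name, String raw, int max) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            throw new IllegalArgumentException(name + " must be a positive integer");
        }
        int value = Integer.parseInt(raw);
        if (value < 1 || value > max) {
            throw new IllegalArgumentException(name + " must be between 1 and " + max);
        }
        return value;
    }

    // Output encoding for HTML text and quoted-attribute contexts.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample requests: {pageNo, pageSize}.
        String[][] requests = { {"1", "10"}, {"1", "10<script>alert(1)</script>"}, {"0", "10"} };
        for (String[] r : requests) {
            try {
                int pageNo = parseBounded("pageNo", r[0], MAX_PAGE_NO);
                int pageSize = parseBounded("pageSize", r[1], MAX_PAGE_SIZE);
                System.out.println("accepted pageNo=" + pageNo + " pageSize=" + pageSize);
            } catch (IllegalArgumentException e) {
                // If the rejected input must be shown at all, encode it first.
                System.out.println("rejected (" + e.getMessage() + "): " + escapeHtml(r[0] + "," + r[1]));
            }
        }
    }
}
```

Parsing to a bounded integer removes markup from the values the application goes on to use, and the encoder covers any place the original string is still written back into a page.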
