cvelist | GitHub_M | CVELIST:CVE-2021-41086
History: Sep 21, 2021 - 9:00 p.m.

CVE-2021-41086 Clipboard-based XSS in jsuites

2021-09-21 21:00:12
CWE-79
GitHub_M
www.cve.org
3
cve-2021-41086
clipboard-based xss
jsuites
update to version 4.9.11

CVSS3: 8.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

AI Score: 8.2
Confidence: High

EPSS: 0.001
Percentile: 36.6%

jsuites is an open source collection of commonly required JavaScript web components. In affected versions, users are subject to cross-site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM-based XSS if the user can be tricked into copying anything from a malicious source and pasting it into the HTML editor. This is because part of the clipboard content is written directly to innerHTML, allowing JavaScript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve the issue.

CNA Affected

[
  {
    "product": "jsuites",
    "vendor": "jsuites",
    "versions": [
      {
        "status": "affected",
        "version": "< 4.9.11"
      }
    ]
  }
]
