Debian Security Bug TrackerDEBIANCVE:CVE-2021-46872CVE-2021-46872
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.4%
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | nim | < 1.6.2-1 | nim_1.6.2-1_all.deb |
| Debian | 11 | all | nim | <= 1.4.6+really1.4.2-2 | nim_1.4.6+really1.4.2-2_all.deb |
| Debian | 10 | all | nim | <= 0.19.4-1 | nim_0.19.4-1_all.deb |
| Debian | 999 | all | nim | < 1.6.2-1 | nim_1.6.2-1_all.deb |
| Debian | 13 | all | nim | < 1.6.2-1 | nim_1.6.2-1_all.deb |
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
41.4%