Lucene search

[email protected]NVD:CVE-2021-32851

HistoryFeb 20, 2023 - 10:15 p.m.

CVE-2021-32851

2023-02-2022:15:11

CWE-79

[email protected]

web.nvd.nist.gov

mind-elixir

open source

cross-site scripting

version 0.18.1

security issue

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1

Affected configurations

NVD

Node

mind-elixir_projectmind-elixirRange<0.18.1node.js

References

github.com/ssshooter/mind-elixir-core/blob/79942a68b14c8875ab7d270b1ad25bfff351b04c/src/plugin/contextMenu.js#L13

github.com/ssshooter/mind-elixir-core/commit/073485269ac83af24371f35bd08507defa885655

securitylab.github.com/advisories/GHSL-2021-1047_Mind-elixir/

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for NVD:CVE-2021-32851

osv2 github1 cve1 prion1 cvelist1