CVE-2021-39169

2021-08-2713:15:07

Google

osv.dev

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.

CPENameOperatorVersion
misskeyeq11.0.0-alpha.3
misskeyeq5.22.0
misskeyeq2.18.0
misskeyeq8.40.0
misskeyeq8.9.0
misskeyeq6.0.0
misskeyeq10.77.0
misskeyeq10.49.1
misskeyeq11.17.1
misskeyeq1.2.0

Name	Operator	Version
misskey	eq	11.0.0-alpha.3
misskey	eq	5.22.0
misskey	eq	2.18.0
misskey	eq	8.40.0
misskey	eq	8.9.0
misskey	eq	6.0.0
misskey	eq	10.77.0
misskey	eq	10.49.1
misskey	eq	11.17.1
misskey	eq	1.2.0