Design/Logic Flaw

2021-03-2718:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

29.5%

JSON

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the “script” string.

CPENameOperatorVersion
bluemondaylt1.0.5

CPE	Name	Operator	Version
	bluemonday	lt	1.0.5

References

github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5

vuln.ryotak.me/advisories/4

0.001 Low

EPSS

Percentile

29.5%

JSON

Related for PRION:CVE-2021-29272