Lucene search
PRIOn knowledge basePRION:CVE-2021-32852HistoryFeb 20, 2023 - 10:15 p.m.
Cross site scripting
2023-02-2022:15:00
PRIOn knowledge base
www.prio-n.com
5
countly
cross-site scripting
version 21.11
product analytics
solution
security vulnerability
nvd
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.
| CPE | Name | Operator | Version |
|---|---|---|---|
| countly_server | lt | 21.11 |
References
github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/app.js
github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/views/reset.html
github.com/Countly/countly-server/releases/tag/v21.11
securitylab.github.com/advisories/GHSL-2021-104-countly-server/
Related
cvelist
cvelist
CVE-2021-32852 countly-server vulnerable to Cross-site Scripting
2023-02-20 00:00:00
nvd
nvd
CVE-2021-32852
2023-02-20 22:15:11
cve
cve
CVE-2021-32852
2023-02-20 22:15:11
osv
osv
CVE-2021-32852
2023-02-20 22:15:11