3 matches found
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
CVE-2021-21422
Summary: CVE-2021-21422 affects mongo-express, a Node.js/Express-based MongoDB admin UI. The issue stems from two XSS vectors: (1) when a cell’s content exceeds the supported size, clicking a row reveals the full document unescaped (requires admin interaction); (2) media-like data cells render as...
CVE-2021-21422 XSS Vulnerability in mongo-express
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...