Lucene search
Veracode Vulnerability DatabaseVERACODE:30800HistoryJun 04, 2021 - 2:06 a.m.
Cross-site Scripting (XSS)
2021-06-0402:06:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.002 Low
EPSS
Percentile
54.2%
Backstage is vulnerable to cross-site scripting. An attacker is able to inject malicious script by embedding the script within an object element of uploaded documentation content, allowing the malicious script to get executed when the same documentation page is visited or the malicious object stored is accessed.
| CPE | Name | Operator | Version |
|---|---|---|---|
| @backstage/plugin-techdocs | le | 0.9.4 |
References
github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c
github.com/backstage/backstage/compare/f2b339a30cc3f0343e8bd366f5e33b4cc9f3b371...348c46896fed3a0b92bd376ad5825323637e402a
github.com/backstage/backstage/releases/tag/release-2021-06-03
github.com/backstage/backstage/security/advisories/GHSA-gg96-f8wr-p89f
Related
osv
osv
CVE-2021-32661
2021-06-03 18:15:08
Script injection
2021-06-04 19:09:26
prion
prion
Design/Logic Flaw
2021-06-03 18:15:00
cvelist
cvelist
CVE-2021-32661 TechDocs object element script injection
2021-06-03 17:25:10
nvd
nvd
CVE-2021-32661
2021-06-03 18:15:08
github
github
Script injection
2021-06-04 19:09:26
cve
cve
CVE-2021-32661
2021-06-03 18:15:08