Skip to main content
CVE-2021-29272 MEDIUM PATCH This Month

bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bluemonday
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29271 MEDIUM PATCH This Month

{URL:" followed by an XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Remark42
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy