Peertube
CVE-2021-3780
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
AnalysisAI
peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected products include: Framasoft Peertube.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo
This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.
Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this
Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vu
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Ra
The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server
Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today