Skip to main content

Peertube CVE-2021-3780

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-09-15 security@huntr.dev
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 15, 2021 - 12:15 nvd
MEDIUM 6.1

DescriptionNVD

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

AnalysisAI

peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Affected products include: Framasoft Peertube.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2025-32948 HIGH POC
7.5 Apr 15

The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send request

CVE-2025-32947 HIGH POC
7.5 Apr 15

This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite lo

CVE-2025-32949 MEDIUM POC
6.5 Apr 15

This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when ex

CVE-2025-32944 MEDIUM POC
6.5 Apr 15

The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.

CVE-2022-0881 MEDIUM POC
6.5 Mar 09

Insecure Storage of Sensitive Information in GitHub repository chocobozzz/peertube prior to 4.1.1. Rated medium severity

CVE-2022-0727 MEDIUM POC
5.4 Feb 23

Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this

CVE-2022-0726 MEDIUM POC
5.4 Feb 23

Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Rated medium severity (CVSS 5.4), this vu

CVE-2025-32946 MEDIUM POC
5.3 Apr 15

This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. Ra

CVE-2025-32945 MEDIUM POC
4.3 Apr 15

The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. Ra

CVE-2025-32943 LOW POC
3.7 Apr 15

The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server

CVE-2026-57167 MEDIUM
5.1 Jul 10

Stored XSS in PeerTube before version 8.2.2 allows any authenticated uploader to inject arbitrary HTML and JavaScript in

Share

CVE-2021-3780 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy