Skip to main content

Qiita

2 CVEs product

Monthly

CVE-2021-28833 Ruby MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qiita
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28796 Ruby MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qiita
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qiita
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qiita
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy