CVE-2021-38138 OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account.
| Phase (Legacy) | � |
|---|---|
| Date Record Created | � |
| Assigning CNA | � |
| References | � |
| Description | � |
| CVE-ID | � |
CVE-2021-38138 |
• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information |
| OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release. | � |
| Note: are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete. | � |
| � | |
| MITRE Corporation | � |
| 20210805 | Disclaimer: The may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or... |