Description

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Remediation

References

CVE-2021-39391

Related Vulnerabilities

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552)

WordPress Clickjacking Vulnerability (0.7 - 3.1.2)

MySQL CVE-2020-2896 Vulnerability (CVE-2020-2896)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1912)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)

Severity

Medium

Classification

CVE-2021-39391 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities