CVE-2002-2021
Published 2002-12-31
CVE-2002-2021: Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the…
Priority: P4 · 15 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.72% (74.6th percentile)
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | mysql-8.0.26-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | mysql-8.0.26-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | mysql-debuginfo-8.0.26-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | mysql-debuginfo-8.0.26-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| msrc | mysql-devel-8.0.26-1.cm1.aarch64.rpm_on_cbl_mariner_1.0_arm | — | — |
| msrc | mysql-devel-8.0.26-1.cm1.x86_64.rpm_on_cbl_mariner_1.0_x64 | — | — |
| woltlab | burning_board | — | — |
CVSS provenance
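| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 4.9 | MEDIUM | — |
| vendor_oracle | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |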
GHSA
GHSA-2jgm-64f7-ph6p: Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1
ghsa_unreviewed·2022-04-30
CVE-2002-2021 [MEDIUM] GHSA-2jgm-64f7-ph6p: Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1
Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
GHSA
Open redirect via transitional IPv6 addresses on dual-stack networks
ghsa·2021-04-13
CVE-2021-21392 [HIGH] CWE-601 Open redirect via transitional IPv6 addresses on dual-stack networks
### Impact
Requests to user provided domains were not restricted to external IP addresses when transitional IPv6 addresses were used. Outbound requests to federation, identity servers, when calculating the key validity for third-party invite events, sending push notifications, and generating URL previews are affected. This could cause Synapse to make requests to internal infrastructure on dual-stack networks.
### Patches
This issue is fixed by #9240.
### Workarounds
Outbound requests to the following address ranges can be blocked by a firewall, if unused for internal communication between systems:
* `::ffff/80`
* `::0000/80` (note that this IP range is considered deprecated by the IETF)
* `2002::/16` (note that this I
Red Hat
mysql: Server: Replication unspecified vulnerability (CPU Jan 2021)
vendor_redhat·2021-01-19·CVSS 4.9
CVE-2021-2002 [MEDIUM] mysql: Server: Replication unspecified vulnerability (CPU Jan 2021)
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Package: mysql (Red Hat Enterprise Linux 6) - Not affected
Package: mariadb (Red Hat Enterprise Linux 7) - Not affected
Package: mariadb:10.3/mariadb (Red Hat Enterprise Linux 8
Oracle
Oracle Oracle MySQL Risk Matrix: Server: Replication — CVE-2021-2002
vendor_oracle·2021-01-15·CVSS 4.9
CVE-2021-2002 [MEDIUM] Oracle Oracle MySQL Risk Matrix: Server: Replication — CVE-2021-2002
Oracle Oracle MySQL Risk Matrix: Server: Replication vulnerability
CVE: CVE-2021-2002
CVSS: 4.9
Protocol: MySQL Protocol
Remote exploit: No
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
Microsoft
MySQL Server Replication Vulnerability Allows High-Privileged Remote Attackers to Cause Denial of Service (DoS) in Versions 8.0.22 and Earlier
vendor_msrc·2021-01-12·CVSS 4.9
CVE-2021-2002 [MEDIUM] MySQL Server Replication Vulnerability Allows High-Privileged Remote Attackers to Cause Denial of Service (DoS) in Versions 8.0.22 and Earlier
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
No detection rules found.
No writeups or analysis indexed.
* http://archives.neohapsis.com/archives/bugtraq/2002-04/0163.html
* http://www.iss.net/security_center/static/8841.php
* http://www.securityfocus.com/bid/4512
Published: 2002-12-31