CVE-2021-29979Cross-site Scripting in Mozilla Hubs Cloud

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.5%
top 34.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Mozilla Hubs CloudMozilla Firefox
Timeline
PublishedAug 2
Latest updateMay 24

Description

Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5mozilla/hubs_cloudunspecifiedmozillareality/reticulum/1.0.1/20210618012634
mozillamozilla/firefox

🔴Vulnerability Details

1
GHSA
GHSA-523p-mj64-2h68: Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s prima2022-05-24

📋Vendor Advisories

1
Mozilla
Mozilla Foundation Security Advisory 2021-32: CVE-2021-29979