CVE-2021-3914

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

6.1MEDIUM

EPSS

0.5%

top 34.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Build OF Quarkus Redhat Openshift Application Runtimes

Timeline

PublishedAug 25

Latest updateAug 26

Description

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶Mavenio.smallrye:smallrye-health-ui< 3.1.2

▶CVEListV5smallrye-healthNot-Known

▶NVDredhat/build_of_quarkus< 2.7.5

▶NVDredhat/openshift_application_runtimes1.0

🔴Vulnerability Details

OSV

SmallRye Health UI Cross-site Scripting vulnerability↗2022-08-26

▶

GHSA

SmallRye Health UI Cross-site Scripting vulnerability↗2022-08-26

▶

CVEList

CVE-2021-3914: It was found that the smallrye health metrics UI component did not properly sanitize some user inputs↗2022-08-25

▶

📋Vendor Advisories

Red Hat

smallrye-health-ui: persistent cross-site scripting in endpoint↗2021-10-27

▶