Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2021-42053 — Cross-site Scripting in Unicorn

Severity

6.1MEDIUMNVD

NVD5.4GHSA5.4OSV5.4

EPSS

0.3%

top 46.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Timeline

PublishedOct 7

Latest updateOct 12

Description

The Unicorn framework through 0.35.3 for Django allows XSS via component.name.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

GHSA

Cross-site scripting in Unicorn framework↗2021-10-12

▶

OSV

Cross-site Scripting in django-unicorn↗2021-10-12

▶

OSV

Cross-site scripting in Unicorn framework↗2021-10-12

▶

GHSA

Cross-site Scripting in django-unicorn↗2021-10-12

▶

OSV

CVE-2021-42134: The Unicorn framework before 0↗2021-10-11

▶

Exploit-DB

django-unicorn 0.35.3 - Stored Cross-Site Scripting (XSS)↗2021-10-08

▶