CVE-2021-42134 — Cross-site Scripting in Unicorn

Severity

6.1MEDIUMNVD

GHSA5.4OSV5.4

EPSS

0.2%

top 52.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedOct 11

Latest updateOct 12

Description

The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

OSV

Cross-site Scripting in django-unicorn↗2021-10-12

▶

GHSA

Cross-site Scripting in django-unicorn↗2021-10-12

▶

OSV

CVE-2021-42134: The Unicorn framework before 0↗2021-10-11

▶