Moderate severityGHSA Advisory· Published Jul 21, 2021· Updated Sep 16, 2024

Cross-site Scripting (XSS)

CVE-2021-23411

Description

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
anchormenpm	<= 2.1.2	—

Affected products

Lumiverse/AnchormeGHSA
Range: <= 2.1.2
Package: https://npmjs.com/package/anchorme
ghsa-coords
pkg:npm/anchorme
Range: <= 2.1.2

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-w4wq-rvmq-77x7ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-23411ghsaADVISORY
github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.tsghsaWEB
github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81ghsax_refsource_MISCWEB
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695ghsax_refsource_MISCWEB
snyk.io/vuln/SNYK-JS-ANCHORME-1311008ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000