Medium severity6.1NVD Advisory· Published Mar 27, 2021· Updated Jun 17, 2026
CVE-2021-29272
CVE-2021-29272
Description
bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/microcosm-cc/bluemondayGo | < 1.0.5 | 1.0.5 |
Affected products
2- bluemonday/bluemondaydescription
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-3x58-xr87-2fcjghsaADVISORY
- github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-29272ghsaADVISORY
- vuln.ryotak.me/advisories/4nvdThird Party AdvisoryWEB
- github.com/microcosm-cc/bluemonday/commit/524f142fe46e945b7dcd291d7805c4b7dcf75beeghsaWEB
- github.com/microcosm-cc/bluemonday/issues/111ghsaWEB
- pkg.go.dev/vuln/GO-2022-0762ghsaWEB
- vuln.ryotak.me/advisories/4.txtghsaWEB
News mentions
0No linked articles in our index yet.