Medium severity5.4NVD Advisory· Published Feb 20, 2023· Updated Jun 17, 2026
CVE-2021-32852
CVE-2021-32852
Description
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<21.11+ 1 more
- (no CPE)range: <21.11
- (no CPE)range: 21.11
Patches
Vulnerability mechanics
References
4- securitylab.github.com/advisories/GHSL-2021-104-countly-server/nvdExploitThird Party Advisory
- github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/app.jsnvdThird Party Advisory
- github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acc6c3417/frontend/express/views/reset.htmlnvdThird Party Advisory
- github.com/Countly/countly-server/releases/tag/v21.11nvdRelease Notes
News mentions
0No linked articles in our index yet.