Moderate severity · NVD Advisory · Published Nov 2, 2021 · Updated Sep 17, 2024
Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
CVE-2021-33611
Description
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in the browser by opening a crafted URL.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Ecosystem | Affected versions | Patched versions |
|---|---|---|---|
| com.vaadin:vaadin-bom | Maven | >= 14.0.0, < 14.4.5 | 14.4.5 |
| org.webjars.bowergithub.vaadin:vaadin-menu-bar | Maven | >= 1.0.0, < 1.2.1 | 1.2.1 |
Affected products (4)
- ghsa-coords (2 version ranges): >= 14.0.0, < 14.4.5 and >= 1.0.0, < 1.2.1
- (no CPE) range: >= 14.0.0, < 14.4.5
- (no CPE) range: >= 1.0.0, < 1.2.1
- Range: 1.0.0
References (5)
- github.com/advisories/GHSA-93c4-vf86-3rj7 (source: GHSA; type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-33611 (source: GHSA; type: ADVISORY)
- github.com/vaadin/platform/security/advisories/GHSA-93c4-vf86-3rj7 (source: GHSA; type: WEB)
- github.com/vaadin/vaadin-menu-bar/pull/126 (source: GHSA; tags: x_refsource_CONFIRM; type: WEB)
- vaadin.com/security/cve-2021-33611 (source: GHSA; tags: x_refsource_CONFIRM; type: WEB)