VYPR
Moderate severity · NVD Advisory · Published Nov 2, 2021 · Updated Sep 17, 2024

Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14

CVE-2021-33611

Description

Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in the browser by opening a crafted URL.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
com.vaadin:vaadin-bom (Maven) | >= 14.0.0, < 14.4.5 | 14.4.5
org.webjars.bowergithub.vaadin:vaadin-menu-bar (Maven) | >= 1.0.0, < 1.2.1 | 1.2.1