Unrated severityOSV Advisory· Published Jun 2, 2021· Updated Aug 3, 2024
CVE-2021-3529
CVE-2021-3529
Description
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: v0.1.0, v1.0.0, v1.0.1, …
- Range: <5.7.0
Patches
Vulnerability mechanics
References
1- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
News mentions
0No linked articles in our index yet.