Unrated severityNVD Advisory· Published Aug 27, 2021· Updated Aug 4, 2024

XSS vulnerability using dialog

CVE-2021-39169

Description

Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.

Affected products

Misskey Dev/Misskeyv5
Range: < 12.51.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/misskey-dev/misskey/commit/ec203f7f795766f76b55fecc9248168c1cdf6c99mitrex_refsource_MISC
github.com/misskey-dev/misskey/security/advisories/GHSA-pmmv-jwqh-f5wwmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000