Moderate severityNVD Advisory· Published Mar 11, 2022· Updated Aug 4, 2024
CVE-2021-44667
CVE-2021-44667
Description
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.alibaba.nacos:nacos-commonMaven | >= 2.0.0-ALPHA.1, < 2.1.0-BETA | 2.1.0-BETA |
com.alibaba.nacos:nacos-commonMaven | < 1.4.5 | 1.4.5 |
Affected products
2- Nacos/Nacosdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-4gr7-qw2q-jxh6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-44667ghsaADVISORY
- github.com/alibaba/nacos/commit/cd6d7e33b94f24814701f3faf8b632e5e85444c5ghsaWEB
- github.com/alibaba/nacos/commit/d062fcafad0acd01673d404319526415a4af372bghsaWEB
- github.com/alibaba/nacos/issues/7359ghsax_refsource_MISCWEB
- github.com/alibaba/nacos/pull/7364ghsaWEB
- github.com/alibaba/nacos/pull/8980ghsaWEB
News mentions
0No linked articles in our index yet.