VYPR
Medium severity5.4NVD Advisory· Published May 21, 2023· Updated Jun 17, 2026

CVE-2021-46888

CVE-2021-46888

Description

An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.