CVE-2021-33611
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Vaadin | Vaadin | 14.0.0 < unspecified | affected |
| Vaadin | Vaadin | unspecified <= 14.4.4 | affected |
| Vaadin | vaadin-menu-bar | 1.0.0 < unspecified | affected |
| Vaadin | vaadin-menu-bar | unspecified <= 1.2.0 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.