CVE-2021-45721
6.1
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Summary
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| JFrog | JFrog Artifactory | JFrog Artifactory versions before 7.36.1 < 7.29.8 | affected |
| JFrog | JFrog Artifactory | JFrog Artifactory versions before 6.23.41 < 6.23.38 | affected |
Weaknesses
- CWE-79: CWE-79 Cross-site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
- https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API
References
- https://www.jfrog.com/confluence/display/JFROG/JFrog+Security+Advisories
- https://www.jfrog.com/confluence/display/JFROG/CVE-2021-45721%3A+Cross-Site+Script+%28XSS%29+on+User+REST+API
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.