CVE-2021-20784 MEDIUM

CVE-2021-20784

Vendor Voidtools
Product Everything
Weakness CWE-644
Published July 14, 2021
Last update December 3, 2024

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product.

Key dates

02Disclosure timeline

July 14, 2021 CVE published
December 3, 2024 Record updated