and execute JavaScript code on the client side.", "datePublished": "2021-05-28T20:20:17Z", "dateModified": "2024-08-03T23:25:30Z", "keywords": "CVE-2021-32616, vulnerability, CVE, security, cdn, onedotprojects", "about": { "@type": "SoftwareApplication", "name": "cdn", "applicationCategory": "SecurityApplication", "operatingSystem": "All" } }
CVE-2021-32616 HIGH

CVE-2021-32616: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in 1CDN

Vendor Onedotprojects
Product cdn
Weakness CWE-79 · XSS
Published May 28, 2021
Last update August 3, 2024

CVSS base score

8.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /<script>//code</script> and execute JavaScript code on the client side.

Key dates

02Disclosure timeline

May 28, 2021 CVE published
August 3, 2024 Record updated