CVE-2021-32850 MEDIUM

CVE-2021-32850: jQuery MiniColors vulnerable to Cross-site Scripting

Vendor Npm

Product @claviska/jquery-minicolors

Weakness CWE-79 · XSS

Published February 20, 2023

Last update March 10, 2025

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.

Key dates

02Disclosure timeline

February 20, 2023 CVE published

March 10, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-32850

Related vulnerabilities

04Related CVE

CVE-2023-51685 WordPress WP Review Slider Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS) CVE-2026-27367 WordPress Musico theme < 3.4.5 - Cross Site Scripting (XSS) vulnerability CVE-2020-8189 CVE-2025-58232 WordPress Image Editor by Pixo Plugin <= 2.3.8 - Cross Site Scripting (XSS) Vulnerability CVE-2024-37521 WordPress zBench theme <= 1.4.2 - Cross Site Scripting (XSS) vulnerability