CVE-2021-32852 MEDIUM

CVE-2021-32852: countly-server vulnerable to Cross-site Scripting

Vendor Countly
Product countly-server
Weakness CWE-79 · XSS
Published February 20, 2023
Last update March 10, 2025

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01 Description

Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious website. The attacker must have an account or be able to create one. This issue is patched in version 21.11.

Key dates

02 Disclosure timeline

February 20, 2023 CVE published
March 10, 2025 Record updated