CVE-2021-3529 - AskarLabs CVE Database

CVE-2021-3529

Vendor N/A

Product noobaa-core

Weakness CWE-79 · XSS

Published June 2, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.

Key dates

02Disclosure timeline

June 2, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-3529 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-34815 Endian Firewall /cgi-bin/smtpdomains.cgi DOMAIN Stored Cross-Site Scripting CVE-2024-5125 XSS and Open Redirect via SVG File Upload in parisneo/lollms-webui CVE-2024-2026 Passster <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via content_protector Shortcode CVE-2022-47421 WordPress ARMember (free) and ARMember (premium) plugins - vulnerable to Auth. Stored Cross Site Scripting (XSS) CVE-2025-30778 WordPress VForm plugin <= 3.1.9 - Reflected Cross Site Scripting (XSS) vulnerability