CVE-2021-46827

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2021-46827
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

6.1 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html Patch Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:sync:oxygen_publishing_engine:*:*:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:*:*:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:*:*:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:*:*:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:*:*:*:*:*:*
cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:*:*:*:*:*:*
Information

Published : 2022-07-12 22:15

Updated : 2022-07-20 07:00

NVD link : CVE-2021-46827

Mitre link : CVE-2021-46827

JSON object : View

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advertisement

dedicated server usa
Products Affected

sync

  • oxygen_xml_author
  • oxygen_xml_webhelp
  • oxygen_publishing_engine
  • oxygen_xml_developer
  • oxygen_xml_editor