CVE-2021-3163

ADVISORY - github

Summary

A vulnerability in the HTML editor of Slab Quill allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. No patch exists and no further releases are planned.

This CVE is disputed. Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. More information can be found here.

EPSS Score⁠: 0.00496 (0.649)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - github

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-79⁠

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

NIST

CREATED

5 years ago

UPDATED

11 months ago

ADVISORY IDCVE-2021-3163⁠

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1medium

GitHub

CREATED

4 years ago

UPDATED

1 year ago

ADVISORY IDGHSA-4943-9vgg-gr5r⁠

EXPLOITABILITY SCORE

1.6

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

4.2medium

GitLab

CREATED

5 years ago

UPDATED

2 years ago

ADVISORY ID

CVE-2021-3163

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)

CWE-1035⁠CWE-79⁠CWE-937⁠

CVSS SCORE

6.1medium

intheWild

CREATED

8 months ago

UPDATED

8 months ago

ADVISORY IDCVE-2021-3163⁠

EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY