VWE-2021-6076 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6076
This page is a chapter in Info Known Vulnerabilities

This page has been seen 89,595 times.

- Created by
  pegasus
  on October 17, 2021

Common Name None
VWE-ID VWE-2021-6076
Related Report None
Severity MEDIUM
Exploit Difficulty Difficult
Platform Affects all platforms supported by the vulnerable versions.
Description HTML Injection. A malicious editor can save specially crafted content that is later loaded as WYSIWYG editor content by an unsuspecting user editing the same page, and if the second user opens certain editor dialogs while having that content selected, the content can be displayed to the user unescaped.

Discovered April 28, 2021
Resolved May 3, 2021
Patches Available 4.1.1 Patch Level 4
4.1.0 Patch Level 6
4.1.0 RC 3 Patch Level 8
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2021-6076
Related Report	None
Severity	MEDIUM
Exploit Difficulty	Difficult
Platform	Affects all platforms supported by the vulnerable versions.
Description	HTML Injection. A malicious editor can save specially crafted content that is later loaded as WYSIWYG editor content by an unsuspecting user editing the same page, and if the second user opens certain editor dialogs while having that content selected, the content can be displayed to the user unescaped.
Discovered	April 28, 2021
Resolved	May 3, 2021
Patches Available	4.1.1 Patch Level 4 4.1.0 Patch Level 6 4.1.0 RC 3 Patch Level 8