XSS in Misskey-dev Misskey
CVE-2021-39169
Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.0 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Misskey-dev Misskey — versions < 12.51.0
Weakness classification (CWE)
References
- github.com/misskey-dev/misskey/security/advisories/GHSA-pmmv-jwqh-f5ww (x_refsource_CONFIRM)
- github.com/misskey-dev/misskey/commit/ec203f7f795766f76b55fecc9248168c1cdf6c99 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-39169?
- CVE-2021-39169 is a high-severity vulnerability in Misskey-dev Misskey, classified under Cross-site Scripting. CVSS score: 8.0/10. Published 2021-08-27.
- How severe is CVE-2021-39169?
- High severity. CVSS v3 base score is 8.0 out of 10.