Vulnerability Description
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Count | Countly Server | < 21.11 |
Related Weaknesses (CWE)
References
- https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acThird Party Advisory
- https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acThird Party Advisory
- https://github.com/Countly/countly-server/releases/tag/v21.11Release Notes
- https://securitylab.github.com/advisories/GHSL-2021-104-countly-server/ExploitThird Party Advisory
- https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acThird Party Advisory
- https://github.com/Countly/countly-server/blob/6b90bb775e747cabe46fe197c6a6989acThird Party Advisory
- https://github.com/Countly/countly-server/releases/tag/v21.11Release Notes
- https://securitylab.github.com/advisories/GHSL-2021-104-countly-server/ExploitThird Party Advisory
FAQ
What is CVE-2021-32852?
CVE-2021-32852 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malici...
How severe is CVE-2021-32852?
CVE-2021-32852 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32852?
Check the references section above for vendor advisories and patch information. Affected products include: Count Countly Server.