1. Home
  2. CVE Database
  3. CVE-2021-3529
HIGH · 7.1

CVE-2021-3529

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a pay...

Vulnerability Description

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW

Affected Products

VendorProductVersions
RedhatNoobaa-Operator< 5.7.0
RedhatOpenshift Container Platform4.0

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2021-3529?

CVE-2021-3529 is a vulnerability with a CVSS score of 7.1 (HIGH). A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a pay...

How severe is CVE-2021-3529?

CVE-2021-3529 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-3529?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Noobaa-Operator, Redhat Openshift Container Platform.