Vulnerability Description
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sync | Oxygen Publishing Engine | < 22.1 |
| Sync | Oxygen XML Author | < 22.1 |
| Sync | Oxygen XML Developer | < 22.1 |
| Sync | Oxygen XML Editor | < 22.1 |
| Sync | Oxygen XML WebHelp | < 22.1 |
Related Weaknesses (CWE)
References
- https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html (Patch, Vendor Advisory)
FAQ
What is CVE-2021-46827?
CVE-2021-46827 is a vulnerability with a CVSS score of 6.1 (MEDIUM). An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated usin...
How severe is CVE-2021-46827?
CVE-2021-46827 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-46827?
Check the references section above for vendor advisories and patch information. Affected products include: Sync Oxygen Publishing Engine, Sync Oxygen XML Author, Sync Oxygen XML Developer, Sync Oxygen XML Editor, Sync Oxygen XML WebHelp.