cvelist/2021/3xxx/CVE-2021-3767.json

{
   "CVE_data_meta":{
      "ASSIGNER":"security@huntr.dev",
      "ID":"CVE-2021-3767",
      "STATE":"PUBLIC",
      "TITLE":"Cross-site Scripting (XSS) - Stored in bookstackapp/bookstack"
   },
   "affects":{
      "vendor":{
         "vendor_data":[
            {
               "product":{
                  "product_data":[
                     {
                        "product_name":"bookstackapp/bookstack",
                        "version":{
                           "version_data":[
                              {
                                 "version_affected":"<",
                                 "version_value":"21.08.2"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name":"bookstackapp"
            }
         ]
      }
   },
   "data_format":"MITRE",
   "data_type":"CVE",
   "data_version":"4.0",
   "description":{
      "description_data":[
         {
            "lang":"eng",
            "value":"bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
         }
      ]
   },
   "impact":{
      "cvss":{
         "attackComplexity":"LOW",
         "attackVector":"NETWORK",
         "availabilityImpact":"NONE",
         "baseScore":5.4,
         "baseSeverity":"MEDIUM",
         "confidentialityImpact":"LOW",
         "integrityImpact":"LOW",
         "privilegesRequired":"LOW",
         "scope":"UNCHANGED",
         "userInteraction":"NONE",
         "vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
         "version":"3.0"
      }
   },
   "problemtype":{
      "problemtype_data":[
         {
            "description":[
               {
                  "lang":"eng",
                  "value":"CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
               }
            ]
         }
      ]
   },
   "references":{
      "reference_data":[
         {
            "name":"https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980",
            "refsource":"CONFIRM",
            "url":"https://huntr.dev/bounties/7ec92c85-30eb-4071-8891-6183446ca980"
         },
         {
            "name":"https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64",
            "refsource":"MISC",
            "url":"https://github.com/bookstackapp/bookstack/commit/040997fdc4414776bcac06a3cbaac3b26b5e8a64"
         }
      ]
   },
   "source":{
      "advisory":"7ec92c85-30eb-4071-8891-6183446ca980",
      "discovery":"EXTERNAL"
   }
}