{ "id": "CVE-2021-46827", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-13T05:15:07.237", "lastModified": "2022-07-20T14:00:30.887", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field." }, { "lang": "es", "value": "Se ha detectado un problema en Oxygen XML WebHelp versiones anteriores a 22.1 build 2021082006 y versiones 23.x anteriores a 23.1 build 2021090310. Una vulnerabilidad de tipo XSS en las propuestas de t\u00e9rminos de b\u00fasqueda (en la documentaci\u00f3n en l\u00ednea generada con Oxygen XML WebHelp) permite a atacantes ejecutar JavaScript al convencer a un usuario de que escriba un texto espec\u00edfico en el campo de b\u00fasqueda de la salida de WebHelp" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, "impactScore": 2.7 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.1", "matchCriteriaId": "97CBE27A-E9B1-4A81-A863-8ECCD2C685DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:*:*:*:*:*:*", "matchCriteriaId": "95BA9710-B7FC-4B91-9D4D-B0D82492A55C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:*:*:*:*:*:*", "matchCriteriaId": "F333AD05-C30C-44DD-A2C0-82A1728BCF86" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801:*:*:*:*:*:*", "matchCriteriaId": "5ECBD35A-339C-4294-B29E-13B9A1C4992A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:*:*:*:*:*:*", "matchCriteriaId": "9A8548DD-E716-4BF9-BC03-59FBBD3FAE9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:*:*:*:*:*:*", "matchCriteriaId": "DA8760D9-91DF-4D6D-8430-15CEE268228A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:*:*:*:*:*:*", "matchCriteriaId": "82D1E10A-8F9C-43E3-BC0B-432966F370BE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.1", "matchCriteriaId": "4403F888-2116-4667-8ECB-DF7567623EAF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:*:*:*:*:*:*", "matchCriteriaId": "71B59AC1-3EA9-4DC0-9AD6-B8C1DD7AB900" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:*:*:*:*:*:*", "matchCriteriaId": "22EC6803-5D64-43F2-B4E6-50BF33491CA4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:*:*:*:*:*:*", "matchCriteriaId": "C01AED80-95D6-4810-A42C-EB5F72DCF84F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:*:*:*:*:*:*", "matchCriteriaId": "9AEDBCC2-E995-477B-A428-B5C7D8746D3D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:*:*:*:*:*:*", "matchCriteriaId": "D6D94006-A0EB-45F2-9DBF-DBE03E1461AE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:*:*:*:*:*:*", "matchCriteriaId": "5B46CE8F-B9D0-43C0-BF12-34F7D4D72144" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:*:*:*:*:*:*", "matchCriteriaId": "0F97FE59-3867-4026-B5A7-B2BB89456230" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.1", "matchCriteriaId": "42D6F2C8-AF77-4654-ABE7-753A49ED3B43" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:*:*:*:*:*:*", "matchCriteriaId": "FEFBA0BD-BF91-4CEB-B1B5-FCEB8E300B67" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:*:*:*:*:*:*", "matchCriteriaId": "7BA77776-BF12-4C50-A1B2-B8DE9F61CE88" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:*:*:*:*:*:*", "matchCriteriaId": "408E9DDF-72DF-463F-A443-1D1255F8D693" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:*:*:*:*:*:*", "matchCriteriaId": "8482A592-3284-4F71-9068-A27C17A822D0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:*:*:*:*:*:*", "matchCriteriaId": "2E6BADF9-8836-4E7D-8D66-956E3F2BDA98" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:*:*:*:*:*:*", "matchCriteriaId": "B96522D6-754B-45C1-915D-F0958776BBD2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:*:*:*:*:*:*", "matchCriteriaId": "1498AD01-6985-441E-8664-81429DCF7A9E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.1", "matchCriteriaId": "6D0C0DF7-CFAC-40DE-86A6-FD459A4DFED6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:*:*:*:*:*:*", "matchCriteriaId": "CDEC0A68-BC08-4926-A89D-C43088FD6F38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:*:*:*:*:*:*", "matchCriteriaId": "600D0891-E324-478A-826E-278668FB2C09" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:*:*:*:*:*:*", "matchCriteriaId": "3D5AF010-FB02-42BE-A2D5-C1960E3E524B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:*:*:*:*:*:*", "matchCriteriaId": "8A4C1F04-96E3-4309-B212-BAE29FBDF7BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:*:*:*:*:*:*", "matchCriteriaId": "D61BAC1A-B186-4F44-B6C8-0FBF24D8BB4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:*:*:*:*:*:*", "matchCriteriaId": "73DE8AD4-A52E-4724-B786-891CF0A88B79" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:*:*:*:*:*:*", "matchCriteriaId": "BF44E243-3FF4-4420-B686-57F808251627" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:*:*:*:*:*:*:*:*", "versionEndExcluding": "22.1", "matchCriteriaId": "9F760490-2552-42FC-A7B7-7C5E5830ADF2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:*:*:*:*:*:*", "matchCriteriaId": "DB3CAD3C-C703-4A0F-9746-DE67AE011C24" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:*:*:*:*:*:*", "matchCriteriaId": "7468BF72-0213-4071-B8D0-68D4E521208D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:*:*:*:*:*:*", "matchCriteriaId": "B7C3B5D6-815A-4F33-B9BE-CE768B7D6A6B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:*:*:*:*:*:*", "matchCriteriaId": "DEF7FDB0-F8AE-4231-8C52-5A8913C77182" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:*:*:*:*:*:*", "matchCriteriaId": "23E1A365-3BE5-48A8-9F39-35E6ED96170F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:*:*:*:*:*:*", "matchCriteriaId": "C0348AA1-0F88-45C2-A44D-8485C737F43A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:*:*:*:*:*:*", "matchCriteriaId": "FFF113FD-3340-435E-B48F-AA4EAF750C9F" } ] } ] } ], "references": [ { "url": "https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html", "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ] } ] }