CVE-2021-32852

CRITICAL Year: 2021
CVSS v3 Score
9.0
Critical
Weakness Type
CWE-79
View all →

Vulnerability Description

Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.

Related Vulnerabilities

CVE-2016-9470

CRITICAL
CVSS:9.0(Critical)

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables a...

CWE-792016

CVE-2019-17634

CRITICAL
CVSS:9.0(Critical)

Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cross site scripting (XSS) vulnerability when generating an HTML report from a malicious heap dump. The user must chose todownload, op...

CWE-792019

CVE-2019-18578

CRITICAL
CVSS:9.0(Critical)

Dell EMC XtremIO XMS versions prior to 6.3.0 contain a stored cross-site scripting vulnerability. A low-privileged malicious remote user of XtremIO may exploit this vulnerability to store malicious HT...

CWE-792019

CVE-2019-18588

CRITICAL
CVSS:9.0(Critical)

Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scrip...

CWE-792019

CVE-2019-3873

CRITICAL
CVSS:9.0(Critical)

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would accept an xinclude parameter in SAMLresponse XML. An attacker could use this flaw to send a URL to achieve ...

CWE-792019

CVE-2019-7551

CRITICAL
CVSS:9.0(Critical)

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability would enable performing actions as users, including administrative users. This could ena...

CWE-792019