CVE-2021-29399: XSS
First published: Mon Apr 19 2021(Updated: )
XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xmbforum2 Xmb | >=1.9.1<1.9.11.16 | |
| PHP PHP | =5.0.0 | |
| Xmbforum2 Xmb | >=1.9.11<1.9.11.16 | |
| Xmbforum2 Xmb | >=1.9.12<1.9.12.03 | |
| PHP PHP | =7.0.0 | |
| PHP PHP | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this XMB vulnerability?
The vulnerability ID for this XMB vulnerability is CVE-2021-29399.
What is the title of this XMB vulnerability?
The title of this XMB vulnerability is 'XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input.'
What is the severity of CVE-2021-29399?
The severity of CVE-2021-29399 is medium with a CVSSv3 score of 6.1.
How does CVE-2021-29399 affect XMB installations?
CVE-2021-29399 affects all versions of XMB.
How can I fix CVE-2021-29399 in XMB installations?
All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16 to fix CVE-2021-29399.
- collector/nvd-index
- agent/author
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/xmbforum2
- canonical/xmbforum2 xmb
- version/xmbforum2 xmb/1.9.1
- vendor/php
- canonical/php php
- version/php php/5.0.0
- version/xmbforum2 xmb/1.9.11
- version/xmbforum2 xmb/1.9.12
- version/php php/7.0.0
- version/php php/8.0.0