CVE-2021-29979: XSS
First published: Wed Jul 14 2021(Updated: )
Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.
Credit: security@mozilla.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mozilla Hubs Cloud | ||
| Mozilla Hubs Cloud Reticulum | <1.0.1 | 1.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-29979?
CVE-2021-29979 is classified as a high severity vulnerability due to its potential for JavaScript execution in the hosting domain.
How do I fix CVE-2021-29979?
To fix CVE-2021-29979, update your Hubs Cloud software to version 1.0.1 or later.
What causes CVE-2021-29979?
CVE-2021-29979 is caused by the ability of users to download shared HTML and JavaScript content that can execute in the primary hosting domain.
Which versions of Hubs Cloud are affected by CVE-2021-29979?
Hubs Cloud versions prior to 1.0.1 are affected by CVE-2021-29979.
Is CVE-2021-29979 under active exploitation?
There is no public indication that CVE-2021-29979 is currently under active exploitation.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/mozilla-advisory
- agent/software-canonical-lookup-request
- source/Mozilla
- agent/software-canonical-lookup
- vendor/mozilla
- canonical/mozilla hubs cloud
- canonical/mozilla hubs cloud reticulum