CVE-2021-3824: XSS
First published: Thu Sep 23 2021(Updated: )
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
Credit: security@openvpn.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Openvpn Openvpn Access Server | >=2.9.0<=2.9.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID of this OpenVPN Access Server vulnerability?
The vulnerability ID of this OpenVPN Access Server vulnerability is CVE-2021-3824.
What is the severity of CVE-2021-3824?
The severity of CVE-2021-3824 is medium.
How does CVE-2021-3824 affect OpenVPN Access Server?
CVE-2021-3824 allows remote attackers to inject arbitrary web script or HTML via the web login page URL on OpenVPN Access Server 2.9.0 through 2.9.4.
How can I fix CVE-2021-3824 in OpenVPN Access Server?
To fix CVE-2021-3824 in OpenVPN Access Server, you should update to version 2.9.5 or later.
Where can I find more information about CVE-2021-3824?
You can find more information about CVE-2021-3824 in the release notes of OpenVPN Access Server 2.9.5.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/openvpn
- canonical/openvpn openvpn access server
- version/openvpn openvpn access server/2.9.0
- version/openvpn openvpn access server/2.9.4