CVE-2021-44667: XSS
First published: Fri Mar 11 2022(Updated: )
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Alibaba Nacos | =2.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-44667?
The severity of CVE-2021-44667 is medium with a CVSS score of 6.1.
How does the Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3 impact users?
The Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3 allows attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access, cookie theft, or other malicious activities.
What is the affected software version for CVE-2021-44667?
The affected software version for CVE-2021-44667 is Nacos 2.0.3.
How can I fix the Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3?
To fix the Cross Site Scripting (XSS) vulnerability in Nacos 2.0.3, update to a version that addresses the vulnerability. Check the official Nacos website or the vendor's advisory for the latest patches or upgrades.
Where can I find more information about CVE-2021-44667?
You can find more information about CVE-2021-44667 on the official GitHub page of Nacos: [https://github.com/alibaba/nacos/issues/7359](https://github.com/alibaba/nacos/issues/7359)
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/alibaba
- canonical/alibaba nacos
- version/alibaba nacos/2.0.3