CVE-2021-45721: XSS
First published: Wed Jul 06 2022(Updated: )
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38.
Credit: reefs@jfrog.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jfrog Artifactory | >=6.0.0<6.23.38 | |
| Jfrog Artifactory | >=7.0.0<7.29.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-45721.
What is the severity of CVE-2021-45721?
CVE-2021-45721 has a severity rating of 6.1, which is classified as medium.
What is the affected software for CVE-2021-45721?
The affected software for CVE-2021-45721 is JFrog Artifactory versions prior to 7.29.8 and 6.23.38.
How does CVE-2021-45721 manifest in JFrog Artifactory?
CVE-2021-45721 manifests as a Reflected Cross-Site Scripting (XSS) vulnerability through one of the XHR parameters in the Users REST API endpoint.
How can CVE-2021-45721 be fixed?
To fix CVE-2021-45721, it is recommended to update JFrog Artifactory to version 7.29.8 or later, or version 6.23.38 or later.
- collector/nvd-index
- vendor/jfrog
- canonical/jfrog artifactory
- version/jfrog artifactory/6.0.0
- version/jfrog artifactory/7.0.0