CVE-2021-3780
Cross-site Scripting in peertube
CVSS 3.1 score 6.1 (MEDIUM); EPSS 0.31%
Description
PeerTube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). An attacker can upload an SVG image containing script and send its URL to other users; when a user opens the link, the script runs in the PeerTube origin and can read the user's complete session keys, because those keys are stored in local storage and are therefore accessible to JavaScript.
How to fix CVE-2021-3780
To remediate CVE-2021-3780, upgrade the affected package to a fixed version below.
- upgrade to 3.4.0 or later
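As an added defender-side illustration, not code from PeerTube or from this advisory: a Python check that rejects SVG uploads carrying active content (script elements, event-handler attributes, javascript: URLs), plus the response headers that keep a stored SVG inert when it is served; the sample SVGs at the bottom are constructed.

```python
import xml.etree.ElementTree as ET

# Elements that execute or embed active content when an SVG is rendered inline.
ACTIVE_TAGS = {"script", "foreignobject", "set", "animate", "handler"}
# Attributes whose value is a URL and must not use a script scheme.
URL_ATTRS = {"href", "src"}
# data: is deliberately allowed so that <image href="data:image/png;..."> still works.
ACTIVE_SCHEMES = ("javascript:", "vbscript:")


def _local(name: str) -> str:
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes: bytes) -> list:
    """Return a list of findings for an SVG upload; an empty list means none found."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return ["malformed xml: %s" % exc]
    if _local(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local(root.tag))
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append("element <%s>" % tag)
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):  # onclick, onload, onbegin, ...
                findings.append("event handler %s on <%s>" % (name, tag))
            elif name in URL_ATTRS:
                scheme = "".join(value.split()).lower()  # defeat whitespace padding
                if scheme.startswith(ACTIVE_SCHEMES):
                    findings.append("%s on <%s> uses a script URL scheme" % (name, tag))
    return findings


def safe_svg_headers() -> dict:
    """Response headers that keep a stored SVG inert even if a bad file slips through."""
    return {
        "Content-Type": "image/svg+xml",
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "attachment",  # never render as a top-level page
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed samples, not taken from the advisory.
SAFE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">'
              b'<script>/* placeholder */</script><a xlink:href=" javascript:void(0)">'
              b'<rect width="1" height="1" onclick="void(0)"/></a></svg>')
```

Images referenced from `<img>` tags still display with these headers; only direct navigation to the file is turned into a download, which is what denies the stored script a same-origin document to run in.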
Is CVE-2021-3780 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- all versions from 0 up to, but not including, 3.4.0
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |