CVE-2021-46827

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

CVSS v3 6.1 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html	Patch Vendor Advisory
https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sync:oxygen_publishing_engine::::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717::::::
	cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401::::::
	cpe:2.3:a:sync:oxygen_xml_author::::::::
	cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102::::::
	cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902::::::
	cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710::::::
	cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713::::::
	cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206::::::
	cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908::::::
	cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407::::::
	cpe:2.3:a:sync:oxygen_xml_developer::::::::
	cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102::::::
	cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902::::::
	cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710::::::
	cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713::::::
	cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206::::::
	cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908::::::
	cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407::::::
	cpe:2.3:a:sync:oxygen_xml_editor::::::::
	cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102::::::
	cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902::::::
	cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710::::::
	cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713::::::
	cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206::::::
	cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908::::::
	cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp::::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711::::::
	cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306::::::

History

21 Nov 2024, 06:34

Type	Values Removed	Values Added
References	~~() https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html - Patch, Vendor Advisory~~	() https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html - Patch, Vendor Advisory

20 Jul 2022, 14:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:::::: cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:::::: cpe:2.3:a:sync:oxygen_xml_webhelp:::::::: cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:::::: cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:::::: cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:::::: cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:::::: cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:::::: cpe:2.3:a:sync:oxygen_xml_developer:::::::: cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:::::: cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:::::: cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:::::: cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:::::: cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:::::: cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:::::: cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:::::: cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:::::: cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:::::: cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:::::: cpe:2.3:a:sync:oxygen_publishing_engine:::::::: cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:::::: cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:::::: cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:::::: cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:::::: cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:::::: cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:::::: cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:::::: cpe:2.3:a:sync:oxygen_xml_author:::::::: cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:::::: cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:::::: cpe:2.3:a:sync:oxygen_xml_editor:::::::: cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:::::: cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:::::: cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:::::: cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:::::: cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:::::: cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:::::: cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:::::: cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801::::::
CWE		CWE-79
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
References	~~(MISC) https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html -~~	(MISC) https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html - Patch, Vendor Advisory

13 Jul 2022, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-07-13 05:15

Updated : 2024-11-21 06:34

NVD link : CVE-2021-46827

Mitre link : CVE-2021-46827

CVE.ORG link : CVE-2021-46827

JSON object : View

Products Affected

sync

oxygen_xml_editor
oxygen_xml_developer
oxygen_publishing_engine
oxygen_xml_author
oxygen_xml_webhelp

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-46827", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-07-13T05:15:07.237", "references": [{"url": "https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field."}, {"lang": "es", "value": "Se ha detectado un problema en Oxygen XML WebHelp versiones anteriores a 22.1 build 2021082006 y versiones 23.x anteriores a 23.1 build 2021090310. Una vulnerabilidad de tipo XSS en las propuestas de t\u00e9rminos de b\u00fasqueda (en la documentaci\u00f3n en l\u00ednea generada con Oxygen XML WebHelp) permite a atacantes ejecutar JavaScript al convencer a un usuario de que escriba un texto espec\u00edfico en el campo de b\u00fasqueda de la salida de WebHelp"}], "lastModified": "2024-11-21T06:34:46.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CBE27A-E9B1-4A81-A863-8ECCD2C685DE", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95BA9710-B7FC-4B91-9D4D-B0D82492A55C"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F333AD05-C30C-44DD-A2C0-82A1728BCF86"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ECBD35A-339C-4294-B29E-13B9A1C4992A"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A8548DD-E716-4BF9-BC03-59FBBD3FAE9E"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA8760D9-91DF-4D6D-8430-15CEE268228A"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82D1E10A-8F9C-43E3-BC0B-432966F370BE"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4403F888-2116-4667-8ECB-DF7567623EAF", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71B59AC1-3EA9-4DC0-9AD6-B8C1DD7AB900"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EC6803-5D64-43F2-B4E6-50BF33491CA4"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01AED80-95D6-4810-A42C-EB5F72DCF84F"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AEDBCC2-E995-477B-A428-B5C7D8746D3D"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D94006-A0EB-45F2-9DBF-DBE03E1461AE"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B46CE8F-B9D0-43C0-BF12-34F7D4D72144"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F97FE59-3867-4026-B5A7-B2BB89456230"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42D6F2C8-AF77-4654-ABE7-753A49ED3B43", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEFBA0BD-BF91-4CEB-B1B5-FCEB8E300B67"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA77776-BF12-4C50-A1B2-B8DE9F61CE88"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "408E9DDF-72DF-463F-A443-1D1255F8D693"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8482A592-3284-4F71-9068-A27C17A822D0"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6BADF9-8836-4E7D-8D66-956E3F2BDA98"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B96522D6-754B-45C1-915D-F0958776BBD2"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1498AD01-6985-441E-8664-81429DCF7A9E"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D0C0DF7-CFAC-40DE-86A6-FD459A4DFED6", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEC0A68-BC08-4926-A89D-C43088FD6F38"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "600D0891-E324-478A-826E-278668FB2C09"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5AF010-FB02-42BE-A2D5-C1960E3E524B"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A4C1F04-96E3-4309-B212-BAE29FBDF7BA"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D61BAC1A-B186-4F44-B6C8-0FBF24D8BB4A"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DE8AD4-A52E-4724-B786-891CF0A88B79"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF44E243-3FF4-4420-B686-57F808251627"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F760490-2552-42FC-A7B7-7C5E5830ADF2", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB3CAD3C-C703-4A0F-9746-DE67AE011C24"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7468BF72-0213-4071-B8D0-68D4E521208D"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7C3B5D6-815A-4F33-B9BE-CE768B7D6A6B"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEF7FDB0-F8AE-4231-8C52-5A8913C77182"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E1A365-3BE5-48A8-9F39-35E6ED96170F"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0348AA1-0F88-45C2-A44D-8485C737F43A"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFF113FD-3340-435E-B48F-AA4EAF750C9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

6.1 /10