CVE-2021-46827

{"id": "CVE-2021-46827", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-07-13T05:15:07.237", "references": [{"url": "https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field."}, {"lang": "es", "value": "Se ha detectado un problema en Oxygen XML WebHelp versiones anteriores a 22.1 build 2021082006 y versiones 23.x anteriores a 23.1 build 2021090310. Una vulnerabilidad de tipo XSS en las propuestas de t\u00e9rminos de b\u00fasqueda (en la documentaci\u00f3n en l\u00ednea generada con Oxygen XML WebHelp) permite a atacantes ejecutar JavaScript al convencer a un usuario de que escriba un texto espec\u00edfico en el campo de b\u00fasqueda de la salida de WebHelp"}], "lastModified": "2022-07-20T14:00:30.887", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97CBE27A-E9B1-4A81-A863-8ECCD2C685DE", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020061014:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95BA9710-B7FC-4B91-9D4D-B0D82492A55C"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020072823:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F333AD05-C30C-44DD-A2C0-82A1728BCF86"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020100801:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ECBD35A-339C-4294-B29E-13B9A1C4992A"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:22.1:2020121711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A8548DD-E716-4BF9-BC03-59FBBD3FAE9E"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021040717:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA8760D9-91DF-4D6D-8430-15CEE268228A"}, {"criteria": "cpe:2.3:a:sync:oxygen_publishing_engine:23.1:2021060401:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82D1E10A-8F9C-43E3-BC0B-432966F370BE"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4403F888-2116-4667-8ECB-DF7567623EAF", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71B59AC1-3EA9-4DC0-9AD6-B8C1DD7AB900"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EC6803-5D64-43F2-B4E6-50BF33491CA4"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C01AED80-95D6-4810-A42C-EB5F72DCF84F"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AEDBCC2-E995-477B-A428-B5C7D8746D3D"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6D94006-A0EB-45F2-9DBF-DBE03E1461AE"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B46CE8F-B9D0-43C0-BF12-34F7D4D72144"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_author:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F97FE59-3867-4026-B5A7-B2BB89456230"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42D6F2C8-AF77-4654-ABE7-753A49ED3B43", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEFBA0BD-BF91-4CEB-B1B5-FCEB8E300B67"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BA77776-BF12-4C50-A1B2-B8DE9F61CE88"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "408E9DDF-72DF-463F-A443-1D1255F8D693"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8482A592-3284-4F71-9068-A27C17A822D0"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6BADF9-8836-4E7D-8D66-956E3F2BDA98"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B96522D6-754B-45C1-915D-F0958776BBD2"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_developer:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1498AD01-6985-441E-8664-81429DCF7A9E"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D0C0DF7-CFAC-40DE-86A6-FD459A4DFED6", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020061102:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDEC0A68-BC08-4926-A89D-C43088FD6F38"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020072902:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "600D0891-E324-478A-826E-278668FB2C09"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020100710:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D5AF010-FB02-42BE-A2D5-C1960E3E524B"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A4C1F04-96E3-4309-B212-BAE29FBDF7BA"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021030206:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D61BAC1A-B186-4F44-B6C8-0FBF24D8BB4A"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021040908:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "73DE8AD4-A52E-4724-B786-891CF0A88B79"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_editor:23.1:2021061407:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF44E243-3FF4-4420-B686-57F808251627"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9F760490-2552-42FC-A7B7-7C5E5830ADF2", "versionEndExcluding": "22.1"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020061014:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB3CAD3C-C703-4A0F-9746-DE67AE011C24"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020072412:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7468BF72-0213-4071-B8D0-68D4E521208D"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020100208:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7C3B5D6-815A-4F33-B9BE-CE768B7D6A6B"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:22.1:2020121713:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEF7FDB0-F8AE-4231-8C52-5A8913C77182"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021030210:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23E1A365-3BE5-48A8-9F39-35E6ED96170F"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021040711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0348AA1-0F88-45C2-A44D-8485C737F43A"}, {"criteria": "cpe:2.3:a:sync:oxygen_xml_webhelp:23.1:2021060306:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFF113FD-3340-435E-B48F-AA4EAF750C9F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}