Lucene search

GoogleOSV:CVE-2021-32092

HistoryMay 07, 2021 - 5:15 a.m.

CVE-2021-32092

2021-05-0705:15:08

Google

osv.dev

cross-site scripting

documentaction

u.s. national security agency

emissary 5.9.0

remote attackers

arbitrary web script

html

uuid parameter

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

46.8%

JSON

A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.

References

blog.sonarsource.com/code-vulnerabilities-in-nsa-application-revealed

portswigger.net/daily-swig/nsa-workflow-application-emissary-vulnerable-to-malicious-takeover