CVE-2021-3914

{"id": "CVE-2021-3914", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2022-08-25T20:15:09.363", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2021-3914", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2018015", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks."}, {"lang": "es", "value": "Se ha detectado que el componente de la interfaz de usuario de smallrye health metrics no sanea correctamente algunas entradas del usuario. Un atacante podr\u00eda usar este fallo para conducir ataques de tipo cross-site scripting."}], "lastModified": "2022-09-02T13:07:32.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:build_of_quarkus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0B7F662-E62B-41CB-8984-E3C3063B0B03", "versionEndExcluding": "2.7.5"}, {"criteria": "cpe:2.3:a:redhat:build_of_quarkus:-:*:*:*:text-only:*:*:*", "vulnerable": true, "matchCriteriaId": "C4724F20-5376-4FB0-8DFA-A75004E2F60D"}, {"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "183C1FAB-3101-4155-BAA4-819EE997E436"}, {"criteria": "cpe:2.3:a:redhat:smallrye_health:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A978C871-E4D4-4622-B14F-4D92928679C7"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}