Security Advisory

CVE-2021-39169

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-08-27 12:40:09

Last updated 2024-08-04 01:58:18

Assigner GitHub_M

State PUBLISHED

Description

Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.

← Browse all CVEs View on cve.org ↗