CVE-2021-29271

Publication date

2021-03-27 17:57:06

Family

mitre

State

PUBLISHED

Description

remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go.