CVE-2021-39391
Cross-site Scripting in Beego
CVSS 3.1: 6.1 (MEDIUM) | EPSS: 0.24%
Description
A cross-site scripting (XSS) vulnerability exists in the admin panel of Beego v2.0.1 via the URI path in an HTTP request. It is triggered when an administrator views the "Request Statistics" page.
How to fix CVE-2021-39391
To remediate CVE-2021-39391, upgrade the affected package to a fixed version below.
- Go / github.com/beego/beego/v2: upgrade to 2.0.2 or later
Is CVE-2021-39391 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- Go / github.com/beego/beego/v2: from 0, < 2.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |