CVE-2021-32852

Source
https://cve.org/CVERecord?id=CVE-2021-32852
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32852.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32852
Published
2023-02-20T22:15:11.160Z
Modified
2026-04-10T04:34:41.381128Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21.11 of the community edition. The victim must follow a malicious link or be redirected there from a malicious web site. The attacker must have an account or be able to create one. This issue is patched in version 21.11.

References

Affected packages

Git / github.com/countly/countly-server

Affected ranges

Type
GIT
Repo
https://github.com/countly/countly-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "21.11"
        }
    ]
}

Affected versions

16.*
16.02.1
16.06
Other
SERVER-1658
countly-server-v13.*
countly-server-v13.06
v13.*
v13.10
v14.*
v14.08
v16.*
v16.12
v17.*
v17.05
v17.09
v18.*
v18.01
v18.01.1
v18.04
v18.04.1
v18.08
v19.*
v19.02
v20.*
v20.11
v20.11.1
v20.11.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32852.json"