CVE-2021-33611
- Source
- https://cve.org/CVERecord?id=CVE-2021-33611
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-33611.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-33611
- Aliases
- Published
- 2021-11-02T10:15:07.683Z
- Modified
- 2026-02-15T00:32:03.579093Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL
- References
Affected packages
Git / github.com/vaadin/platform
Affected versions
14.*
14.0.0
14.0.1
14.0.2
14.1.0
14.1.0.alpha1
14.1.0.alpha3
14.1.0.beta1
14.1.0.beta2
14.1.1
14.1.2
14.2.0
14.2.0.alpha1
14.2.0.alpha10
14.2.0.alpha11
14.2.0.alpha2
14.2.0.alpha3
14.2.0.alpha4
14.2.0.alpha5
14.2.0.alpha6
14.2.0.alpha7
14.2.0.alpha8
14.2.0.alpha9
14.2.0.beta1
14.2.0.rc1
14.3.0
14.3.0.alpha1
14.3.0.beta1
14.3.0.beta2
14.3.0.beta3
14.3.0.rc1
14.4.0
14.4.0.alpha1
14.4.0.beta1
14.4.0.beta2
14.4.0.rc1
14.4.1
14.4.2
14.4.3
14.4.4
Git / github.com/vaadin/vaadin
Affected versions
v14.*
v14.0.0
v14.0.1
v14.0.2
v14.1.0
v14.1.0-alpha1
v14.1.0-alpha2
v14.1.0-alpha3
v14.1.0-alpha4
v14.1.0-alpha5
v14.1.0-beta1
v14.1.0-beta2
v14.1.0-beta3
v14.1.0-rc1
v14.1.1
v14.1.2
v14.2.0
v14.2.0-alpha1
v14.2.0-alpha10
v14.2.0-alpha11
v14.2.0-alpha2
v14.2.0-alpha3
v14.2.0-alpha4
v14.2.0-alpha5
v14.2.0-alpha6
v14.2.0-alpha7
v14.2.0-alpha8
v14.2.0-alpha9
v14.2.0-beta1
v14.2.0-rc1
v14.3.0
v14.3.0-alpha1
v14.3.0-beta1
v14.3.0-beta2
v14.3.0-beta3
v14.3.0-rc1
v14.4.0
v14.4.0-alpha1
v14.4.0-beta1
v14.4.0-beta2
v14.4.0-rc1
v14.4.1
v14.4.2
v14.4.3
v14.4.4