CVE-2021-40927

Source
https://cve.org/CVERecord?id=CVE-2021-40927
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40927.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-40927
Published
2021-10-01T16:15:07.520Z
Modified
2026-04-10T04:38:35.174952Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.

References

Affected packages

Git / github.com/citelao/Spotify-for-Alfred

Affected ranges

Type
GIT
Repo
https://github.com/citelao/Spotify-for-Alfred
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.13.9"
        }
    ]
}

Affected versions

0.*
0.8
0.81
0.82
Other
v0.*
v0.1
v0.11.1
v0.11.2
v0.11.2.1
v0.12
v0.13
v0.13.1
v0.13.2
v0.13.2.1
v0.13.3
v0.13.3.1
v0.13.3.1f
v0.13.3.2
v0.13.4
v0.13.5
v0.13.7
v0.13.8
v0.13.9
v0.5
v0.5a
v0.6
v0.9
v0.9.1
v0.9.3
v0.9.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-40927.json"