CVE-2021-46372

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-46372

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46372.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-46372

Published

2022-02-18T13:15:08.260Z

Modified

2025-11-20T11:56:53.584341Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters.

References

https://www.huntr.dev/bounties/eb681144-04f2-4eaa-98b6-c8cffbcb1601/

Affected packages

Git / github.com/erudika/scoold

Affected ranges

Type: GIT
Repo: https://github.com/erudika/scoold
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2fa7a9a13ddfa496d23597f610717a37cfc1467b

Affected versions

1.*

1.24.1

1.24.10

1.24.11

1.24.2

1.24.3

1.24.4

1.24.5

1.24.6

1.24.7

1.24.8

1.24.9

1.25.0

1.25.1

1.25.2

1.25.3

1.25.4

1.25.5

1.26.0

1.26.1

1.28.0

1.28.1

1.28.10

1.28.2

1.28.3

1.28.4

1.28.5

1.28.6

1.28.7

1.28.8

1.28.9

1.29.0

1.29.1

1.29.2

1.29.3

1.29.4

1.30.0

1.30.1

1.30.2

1.30.3

1.30.4

1.30.5

1.31.0

1.31.1

1.31.2

1.31.3

1.31.4

1.32.0

1.32.1

1.33.0

1.33.1

1.34.0

1.35.0

1.35.1

1.35.2

1.35.3

1.36.0

1.36.1

1.36.2

1.37.0

1.37.1

1.38.0

1.39.0

1.39.1

1.39.2

1.39.3

1.39.4

1.40.0

1.40.1

1.40.2

1.40.3

1.40.4

1.40.5

1.41.0

1.41.1

1.41.2

1.42.1

1.43.0

1.43.1

1.43.2

1.43.3

1.44.0

1.45.0

1.46.0

1.46.1

1.46.2

1.46.3

1.46.4

1.46.5

1.47.0

1.47.1

1.47.2

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46372.json"