cnvd - cnvd-2021-52411

cnvd-2021-52411

Vulnerability from cnvd

Title

IkaIka RSS Reader跨站脚本漏洞

Description

IkaIka RSS Reader是一个在线RSS阅读器。 IkaIka RSS Reader存在跨站脚本漏洞，该漏洞源于对 RSS 注册中用户提供的数据没有进行充分过滤。远程攻击者可以在易受攻击的网站中诱使受害者访问特制链接并在浏览器中执行任意HTML和脚本代码。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.ikaika.net/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2021-20752

Impacted products

Name
IkaIka RSS Reader IkaIka RSS Reader

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-20752"
    }
  },
  "description": "IkaIka RSS Reader\u662f\u4e00\u4e2a\u5728\u7ebfRSS\u9605\u8bfb\u5668\u3002\n\nIkaIka RSS Reader\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9 RSS \u6ce8\u518c\u4e2d\u7528\u6237\u63d0\u4f9b\u7684\u6570\u636e\u6ca1\u6709\u8fdb\u884c\u5145\u5206\u8fc7\u6ee4\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u6613\u53d7\u653b\u51fb\u7684\u7f51\u7ad9\u4e2d\u8bf1\u4f7f\u53d7\u5bb3\u8005\u8bbf\u95ee\u7279\u5236\u94fe\u63a5\u5e76\u5728\u6d4f\u89c8\u5668\u4e2d\u6267\u884c\u4efb\u610fHTML\u548c\u811a\u672c\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.ikaika.net/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-52411",
  "openTime": "2021-07-20",
  "products": {
    "product": "IkaIka RSS Reader IkaIka RSS Reader"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-20752",
  "serverity": "\u4e2d",
  "submitTime": "2021-07-02",
  "title": "IkaIka RSS Reader\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2021-20752 (GCVE-0-2021-20752)

Vulnerability from cvelistv5

Published

2021-07-01 05:45

Modified

2024-08-03 17:53

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors.

References

URL

Tags

https://jvn.jp/en/jp/JVN15185184/index.html

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	IKaIKa Software Co.,LTD.	IkaIka RSS Reader	Version: all versions

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:53:21.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN15185184/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "IkaIka RSS Reader",
          "vendor": "IKaIKa Software Co.,LTD.",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-01T05:45:15",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jvn.jp/en/jp/JVN15185184/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2021-20752",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "IkaIka RSS Reader",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IKaIKa Software Co.,LTD."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://jvn.jp/en/jp/JVN15185184/index.html",
              "refsource": "MISC",
              "url": "https://jvn.jp/en/jp/JVN15185184/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2021-20752",
    "datePublished": "2021-07-01T05:45:15",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:53:21.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.