vulnerability
Arch Linux: Cross-site scripting (CVE-2021-32718)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:M/Au:S/C:N/I:P/A:N) | Jun 28, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
3
CVSS
(AV:N/AC:M/Au:S/C:N/I:P/A:N)
Published
Jun 28, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper <script> tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management).
Solution
arch-linux-upgrade-latest
References
- CVE-2021-32718
- https://attackerkb.com/topics/CVE-2021-32718
- URL-http://seclists.org/fulldisclosure/2021/Dec/3
- URL-https://github.com/rabbitmq/rabbitmq-server/pull/3028
- URL-https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-c3hj-rg5h-2772
- URL-https://security.archlinux.org/ASA-202107-17
- CWE-80
- CWE-79
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.