Home > Vulnerability Database > CVE-2021-4273

Mend.io Vulnerability Database

CVE-2021-4273

Date: December 21, 2022

A vulnerability classified as problematic was found in studygolang. This vulnerability affects the function Search of the file http/controller/search.go. The manipulation of the argument q leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23. It is recommended to apply a patch to fix this issue. VDB-216478 is the identifier assigned to this vulnerability.

Language: Go

Severity Score

6.1

Related Resources (5)

Url: https://vuldb.com/?id.216478

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-4273

Url: https://github.com/studygolang/studygolang/pull/158

Url: https://github.com/studygolang/studygolang/commit/97ba556d42fa89dfaa7737e9cd3a8ddaf670bb23

Url: https://www.mend.io/vulnerability-database/CVE-2021-4273

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improper Enforcement of Message or Data Structure

CWE-707

Injection

CWE-74

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2021-4273

Date: December 21, 2022

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?