Regular expression Denial of Service in MooTools
CVE-2021-32828

5.4MEDIUM

Key Information:

Vendor: Hyland
Status: Nuxeo
Vendor: CVE Published:; 5 January 2023

What is CVE-2021-32828?

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the oauth2 REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

Affected Version(s)

Nuxeo 11.5.109

References

https://securitylab.github.com/advisories/GHSL-2021-072-n...

https://github.com/nuxeo/nuxeo/blob/master/modules/platfo...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 5, 2023
Vulnerability Reserved
May 12, 2021

Hyland

What is CVE-2021-32828?

Affected Version(s)

References

CVSS V3.1

Timeline