XSS Vulnerability in Nim Language RST Module Affecting NimForum and Other Products
CVE-2021-46872

6.1MEDIUM

Key Information:

Vendor: Nim-lang
Status: Nimforum; Nim
Vendor: CVE Published:; 13 January 2023

Summary

An issue was discovered in Nim before version 1.6.2 where the RST module in the standard library allows the use of the javascript: URI scheme. This vulnerability can potentially lead to Cross-Site Scripting (XSS) in applications that utilize this module, exposing them to various security risks. Users are encouraged to update to Nim version 1.6.2 or later, which address the issue, and to check if there are backports of this fix available for earlier versions.

References

https://github.com/nim-lang/nimforum

https://forum.nim-lang.org/t/8852

https://github.com/nim-lang/Nim/pull/19134

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Jan 13, 2023