CVE-2021-4274
LOWbird-lg - Cross-Site Scripting via request_args in layout.html
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in sileht bird-lg. This issue affects some unknown processing of the file templates/layout.html. The manipulation of the argument request_args leads to cross site scripting. The attack may be initiated remotely. The name of the patch is ef6b32c527478fefe7a4436e10b96ee28ed5b308. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216479.
References (3)
Core 3
Core References
Patch, Third Party Advisory
https://github.com/sileht/bird-lg/commit/ef6b32c527478fefe7a4436e10b96ee28ed5b308
Patch, Third Party Advisory
https://github.com/sileht/bird-lg/pull/82
Third Party Advisory
https://vuldb.com/?id.216479
Scores
CVSS v3
3.5
EPSS
0.0050
EPSS Percentile
38.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
CWE-707
Status
published
Products (1)
bird-lg_project/bird-lg
Published
Dec 21, 2022
Tracked Since
Feb 18, 2026