CVE-2021-44667
MEDIUMAlibaba Nacos < 2.1.0-BETA - XSS
Title source: ruleDescription
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
Exploits (1)
nomisec
WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/alibaba__nacos_CVE-2021-44667_2-0-3
Scores
CVSS v3
6.1
EPSS
0.0022
EPSS Percentile
44.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
alibaba/nacos
2.0.3
com.alibaba.nacos/nacos-common
2.0.0-ALPHA.1 - 2.1.0-BETAMaven
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026