CVE-2021-33611 – Reflected cross-site scripting in vaadin-menu-bar webjar resources in Vaadin 14
https://notcve.org/view.php?id=CVE-2021-33611
Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in the browser by opening a crafted URL.

• https://github.com/vaadin/vaadin-menu-bar/pull/126
• https://vaadin.com/security/cve-2021-33611
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')