Learn about CVE-2021-45721, a reflected Cross-Site Scripting vulnerability in the Users REST API of JFrog Artifactory (CVSS 6.1, medium) affecting 7.x releases before 7.29.8 and 6.x releases before 6.23.38, with mitigation steps and best practices.
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in the Users REST API endpoint.
Understanding CVE-2021-45721
What is CVE-2021-45721?
CVE-2021-45721 is a Reflected Cross-Site Scripting (XSS) vulnerability in the Users REST API endpoint of JFrog Artifactory. Per the CVE description, 7.x releases prior to 7.29.8 and 6.x releases prior to 6.23.38 are affected: one of the endpoint's XHR parameters is echoed into the response without being encoded for its output context.
The Impact of CVE-2021-45721
This vulnerability has a CVSS v3 base score of 6.1 (medium). That score is the value of the vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, the usual rating for reflected XSS: reachable over the network with low attack complexity, no privileges required of the attacker, but user interaction required (a victim has to open a crafted link), changed scope (the script runs in the victim's browser, not on the server), and low impact on confidentiality and integrity with no impact on availability. It does not require high privileges; a 6.1 is not consistent with a PR:H vector, which would score lower.
Technical Details of CVE-2021-45721
Vulnerability Description
The Users REST API endpoint copies the value of one of its XHR (request) parameters into the response without HTML encoding, so a value containing markup or script is interpreted by the victim's browser rather than shown as text. Because the payload travels in the request and is returned in the same response, this is reflected (non-persistent) XSS: nothing is stored on the server, and each victim must be delivered the crafted request.
Affected Systems and Versions
JFrog Artifactory 7.x prior to 7.29.8 and JFrog Artifactory 6.x prior to 6.23.38, as stated in the CVE description. Releases at or above those versions contain the fix.
Exploitation Mechanism
An attacker crafts a link to the Users REST API endpoint with the vulnerable parameter set to a script payload and gets a user who is logged in to Artifactory to open it (this is the user interaction the CVSS rating requires). The server reflects the parameter value unencoded, and the browser runs the script in the Artifactory origin with the victim's session, so it can read what the victim can read and issue requests as the victim; that is the confidentiality and integrity impact in the rating. An administrator's session is the worst case, since the Users REST API is where accounts are managed.
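The reflection described above, as an added example that is not Artifactory's code or JFrog's: a hypothetical handler that echoes a request parameter into an HTML body, next to its hardened form, and a check that reports whether a probe value came back unescaped into something a browser would render. The endpoint path is Artifactory's Users REST API path, but the parameter name `username`, the response bodies and the handlers themselves are assumptions constructed for the example, since the advisory does not name the vulnerable parameter.

```python
import html
import json
from typing import Callable, Dict, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Probe value for the check: harmless to render, but it contains every
# character an HTML encoder must neutralise. If a response echoes it back
# verbatim into HTML, an attacker could echo <script> the same way.
PROBE = 'zz"\'<b>probe</b>'

Response = Tuple[Dict[str, str], str]  # (headers, body)


def vulnerable_response(query_string: str) -> Response:
    """Hypothetical handler showing the flaw pattern the advisory describes:
    a request parameter is copied unencoded into an HTML body. The parameter
    name 'username' and the body text are assumptions, not Artifactory's code."""
    value = parse_qs(query_string).get("username", [""])[0]
    headers = {"Content-Type": "text/html"}
    body = f"<html><body>User not found: {value}</body></html>"
    return headers, body


def fixed_response(query_string: str) -> Response:
    """The same handler with the two changes that close a reflected XSS:
    the echoed value is encoded for its output context, and the API answers
    as JSON with nosniff so a browser never renders the body as HTML."""
    value = parse_qs(query_string).get("username", [""])[0]
    headers = {"Content-Type": "application/json",
               "X-Content-Type-Options": "nosniff"}
    body = json.dumps({"error": "User not found: " + html.escape(value)})
    return headers, body


def browser_renders_as_html(headers: Dict[str, str]) -> bool:
    """Conservative model of when a browser treats a response body as HTML."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    nosniff = headers.get("X-Content-Type-Options", "").strip().lower() == "nosniff"
    if ctype == "text/html":
        return True
    if ctype == "":
        return not nosniff  # no declared type: the browser may sniff HTML
    return False  # JSON, plain text, etc. are not rendered as markup


def reflects_unescaped(headers: Dict[str, str], body: str, probe: str = PROBE) -> bool:
    """True when the probe comes back byte-for-byte inside something the browser
    will render as HTML, which is the precondition for reflected XSS. An encoded
    echo ('&lt;b&gt;') or a JSON body served with nosniff does not count."""
    return browser_renders_as_html(headers) and probe in body


def probe_url(base: str, param: str) -> str:
    """The crafted link an attacker would send: the probe is percent-encoded
    in the query string and decoded again by the server."""
    return base + "?" + urlencode({param: PROBE})


def check(handler: Callable[[str], Response], url: str) -> bool:
    """Run a handler on the query string of a crafted URL and report whether
    the probe was reflected into renderable HTML."""
    headers, body = handler(urlsplit(url).query)
    return reflects_unescaped(headers, body)


if __name__ == "__main__":
    # The path is Artifactory's Users REST API; the parameter name is assumed.
    url = probe_url("https://artifactory.example/artifactory/api/security/users", "username")
    print(url)
    print("vulnerable handler reflects probe:", check(vulnerable_response, url))
    print("fixed handler reflects probe:", check(fixed_response, url))
```

Against a live system the same check would send the crafted URL with an authenticated session and feed the real headers and body to `reflects_unescaped`; the two handlers here stand in for that so the example runs offline. The content-type test matters because a REST endpoint that echoes a parameter into JSON with `nosniff` is not exploitable the way an HTML error page is, so a reflected probe alone is not a finding.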
Mitigation and Prevention
Immediate Steps to Take
Upgrade to a fixed release. Until that is done, treat links to the Artifactory host that carry encoded markup in their query string with suspicion, and review web server or reverse proxy access logs for requests to the Users REST API whose parameters contain <, >, " or their percent-encoded forms (%3C, %3E, %22), which is how a reflected payload arrives.
Long-Term Security Practices
Encode every value that is reflected into a response for its output context; serve REST API responses as application/json with X-Content-Type-Options: nosniff so browsers do not render them as HTML; deploy a Content-Security-Policy that disallows inline script to limit what a reflected payload can do; and include reflected-parameter checks in the tests for user-facing endpoints.
Patching and Updates
Upgrade Artifactory 7.x to 7.29.8 or later and Artifactory 6.x to 6.23.38 or later, the fixed versions stated in the CVE description. Any later release, including 7.36.1 and beyond, contains the fix.