CVE-2021-39391

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39391

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39391.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-39391

Aliases

GHSA-c77f-4rgj-jfr4

Published

2021-09-14T18:15:08.900Z

Modified

2025-11-14T12:14:22.488322Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

References

Affected packages

Git / github.com/beego/beego

Affected ranges

Type: GIT
Repo: https://github.com/beego/beego
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c0d9d883c8005d9b8f231a3497a4ff09636359d4

Affected versions

v0.*

v0.6.0

v0.7.0

v0.8.0

v0.9.0

v1.*

v1.0.1

v1.10.0

v1.10.1

v1.11.0

v1.11.1

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.2.0

v1.3.0

v1.4.0

v1.4.1

v1.4.2

v1.4.3

v1.5.0

v1.6.0

v1.6.1

v1.7.0

v1.7.1

v1.7.2

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.9.0

v1.9.2

v2.*

v2.0.0

v2.0.0-beta

v2.0.1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39391.json"