CVE-2021-4020

Type: 

Cross-Site Scripting (XSS)

Severity: 

Low

Publication date: 

11/27/2021

Last modified: 

11/30/2021

Description

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Impact

Access Vector: Through network

Access Complexity: Media

Authentication: Requires a single instance to exploit

Impact Type: Partially affects on system integrity + No impact on system confidentiality + No impact on system availability

Vulnerable software and versions

• cpe:2.3:a:meetecho:janus:*:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

• https://huntr.dev/bounties/9814baa8-7bdd-4e31-a132-d9d15653409e (Source: CONFIRM)
• https://github.com/meetecho/janus-gateway/commit/d3fc00ec803d6c41d8f98908732f44e7f4911a1c (Source: MISC)

Explanation of fields