CVE-2021-3824
23.09.2021, 15:15
OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.
Vendor | Product | Version |
---|---|---|
openvpn | openvpn_access_server | 2.9.0 ≤ 𝑥 ≤ 2.9.4 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-84 - Improper Neutralization of Encoded URI Schemes in a Web Page: The web application improperly neutralizes user-controlled input for executable script disguised with URI encodings.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.