CVE-2021-46827

Description

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

Category

6.1
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.55%
Vendor Advisory oxygenxml.com
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.html patch vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-46827?
CVE-2021-46827 has been scored as a medium severity vulnerability.
How to fix CVE-2021-46827?
To fix CVE-2021-46827, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-46827 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-46827 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.