cvedb.io
CVE-2021-39169
HIGH · CVSS 8
EPSS exploitation probability: 0%
Published 2021-08-27T13:15:07.020 · Last modified 2026-06-17T04:03:14.330

Summary

Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.

Affected products

misskey — misskey

Does this affect you?

Add your gear to cvedb and we'll alert you only when misskey ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.