How severe is CVE-2021-32796?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-32796?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2021-32796 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

xmldom is an open source pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.6.0 and older do not correctly escape special characters when serializing elements removed from their ancestor. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This issue has been resolved in version 0.7.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents.

Related Vulnerabilities

CVE-2018-20586

MEDIUM

CVSS:5.3(Medium)

bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call.

CWE-1162018

CVE-2019-11717

MEDIUM

CVSS:5.3(Medium)

A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator, allowing for possible spoofing of origin attributes. This vulne...

CWE-1162019

CVE-2019-15944

MEDIUM

CVSS:5.3(Medium)

In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message.

CWE-1162019

CVE-2019-19714

MEDIUM

CVSS:5.3(Medium)

Contao 4.8.4 and 4.8.5 has Improper Encoding or Escaping of Output. It is possible to inject insert tags into the login module which will be replaced when the page is rendered.

CWE-1162019

CVE-2019-3571

MEDIUM

CVSS:5.3(Medium)

An input validation issue affected WhatsApp Desktop versions prior to 0.3.3793 which allows malicious clients to send files to users that would be displayed with a wrong extension.

CWE-1162019

CVE-2020-24592

MEDIUM

CVSS:5.3(Medium)

Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.

CWE-1162020