Wind River Support Network

Home CVE Database CVE-2021-43841

CVE-2021-43841

Description

XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it\'s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn\'t allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files.

Priority: LOW

CVSS v3: 5.4

Component: It doesn\'t impact WRLinux.

Publish Date: Feb 4, 2022

Related ID: --

CVSS v2: MEDIUM

Modified Date: Feb 10, 2022

Find out more about CVE-2021-43841 from the MITRE-CVE dictionary and NIST NVD

Products Affected

Product Name	Status	Defect	Fixed	Downloads
Linux
Wind River Linux LTS 17	Not Vulnerable	--	--	--
Wind River Linux 8	Not Vulnerable	--	--	--
Wind River Linux 9	Not Vulnerable	--	--	--
Wind River Linux 7	Not Vulnerable	--	--	--
Wind River Linux LTS 21	Not Vulnerable	--	--	--
Wind River Linux LTS 22	Not Vulnerable	--	--	--
Wind River Linux LTS 18	Not Vulnerable	--	--	--
Wind River Linux LTS 19	Not Vulnerable	--	--	--
Wind River Linux CD release	Not Vulnerable	--	--	--
Wind River Linux 6	Not Vulnerable	--	--	--
Wind River Linux LTS 23	Not Vulnerable	--	--	--
VxWorks
VxWorks 7	Not Vulnerable	--	--	--
VxWorks 6.9	Not Vulnerable	--	--	--
Helix Virtualization Platform Cert Edition
Helix Virtualization Platform Cert Edition	Not Vulnerable	--	--	--

Related Products

Product Name	Status	Defect	Fixed	Downloads

Notes
Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.