CVE-2021-39391

6.1 MEDIUM

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activate...

Published: 2021-09-14 · Last updated: 2026-06-17

Severity and scoring

CVSS: 6.1 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE: CWE-79

Affected products

Vendor	Product
beego	beego

Description

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2021-39391
[Other]https://github.com/beego/beego
[Patch]https://github.com/beego/beego/issues/4727
[Other]https://github.com/beego/beego
[Patch]https://github.com/beego/beego/issues/4727

Related CVEs

Same CWE

CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media LIbrary Assistant <= 3.35 versions (7.1 HIGH)
CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)