{"data":{"id":"2ba8c267-177a-4086-822d-679283614c00","title":"CVE-2021-28796: Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.","summary":"Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).","solution":"Update to Qiita::Markdown version 0.33.0 or later. Details of the fix are available in the patch release notes at https://github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2021-28796","publishedAt":"2021-03-18T20:15:15.153Z","cveId":"CVE-2021-28796","cweIds":["CWE-79"],"cvssScore":"6.1","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00216,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.72,"researchCategory":null,"atlasIds":null}}