CVE-2021-28796: Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
Summary
Increments Qiita::Markdown before version 0.33.0 contains an XSS vulnerability (cross-site scripting, where attackers can inject malicious code into web pages) in its transformers component. The vulnerability is classified as CWE-79 (improper neutralization of input during web page generation).
Solution / Mitigation
Update to Qiita::Markdown version 0.33.0 or later. Details of the fix are available in the patch release notes at https://github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0.
Vulnerability Details
6.1(medium)
EPSS: 0.2%
Classification
Related Issues
CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne
CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-28796
First tracked: February 15, 2026 at 08:46 PM
Classified by LLM (prompt v3) · confidence: 72%