[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-32719":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":67,"aliases":77,"duplicate_of":9,"upstream":78,"downstream":79,"duplicates":100,"related":101,"reserved_at":9,"published_at":108,"modified_at":109,"state":110,"summary":111,"references_raw":119,"kevs":138,"epss":139,"epss_history":142,"metrics":416,"affected":434},"CVE-2021-32719","RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper \u003Cscript> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.",null,[11,44],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],{"_key":45,"id":45,"name":46,"description":47,"type":15,"status":48,"abstraction":49,"likelihood_of_exploit":18,"capec":50},"CWE-80","Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)","The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as \"\u003C\", \">\", and \"&\" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.","Incomplete","Variant",[51,55,59,63],{"id":52,"name":53,"techniques":54},"CAPEC-18","XSS Targeting Non-Script Elements",[],{"id":56,"name":57,"techniques":58},"CAPEC-193","PHP Remote File Inclusion",[],{"id":60,"name":61,"techniques":62},"CAPEC-32","XSS Through HTTP Query Strings",[],{"id":64,"name":65,"techniques":66},"CAPEC-86","XSS Through HTTP Headers",[],[68],{"_key":69,"name":70,"source":71,"url":72,"maturity":73,"reliability_score":74,"verified":75,"type":9,"platforms":76,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_43EE4F12A38AE5FC","Exploit Reference (herolab.usd.de)","reference","https://herolab.usd.de/security-advisories/usd-2021-0011/","unknown",0.2,false,[],[],[],[80,82,84,86,88,90,92,94,96,98],{"_key":81},"RHSA-2022:8851",{"_key":83},"SUSE-SU-2021:3254-1",{"_key":85},"SUSE-SU-2021:3325-1",{"_key":87},"UBUNTU-CVE-2021-32719",{"_key":89},"USN-7143-1",{"_key":91},"SUSE-FU-2024:2078-1",{"_key":93},"OPENSUSE-SU-2021:1334-1",{"_key":95},"OPENSUSE-SU-2021:3325-1",{"_key":97},"MGASA-2021-0390",{"_key":99},"DEBIAN-CVE-2021-32719",[],[102,103,104,105,106,107],{"_key":83},{"_key":85},{"_key":91},{"_key":93},{"_key":95},{"_key":97},"2021-06-28T15:15:11.000Z","2024-08-03T23:25:31.107Z","Modified",{"cisa_kev":75,"cisa_ransomware":75,"cisa_vendor":9,"epss_severity":112,"epss_score":113,"severity":114,"severity_score":115,"severity_version":116,"severity_source":117,"severity_vector":118,"severity_status":110},"low",0.0012,"medium",4.8,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",[120,128,134],{"url":121,"sources":122,"tags":124},"https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-5452-hxj4-773x",[123,117],"cve.org",[125,126,127],"X Refsource CONFIRM","Mitigation","Third Party Advisory",{"url":129,"sources":130,"tags":131},"https://github.com/rabbitmq/rabbitmq-server/pull/3122",[123,117],[132,133,127],"X Refsource MISC","Patch",{"url":72,"sources":135,"tags":136},[123,117],[132,137,127],"Exploit",[],{"date":140,"score":113,"percentile":141},"2026-06-04",0.30521,[143,147,150,153,156,158,161,164,167,170,173,176,178,181,184,188,191,194,197,200,203,206,209,212,215,218,221,224,227,230,233,236,239,241,243,247,251,254,257,260,263,266,269,272,275,278,281,284,287,290,293,296,299,302,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,366,370,374,377,380,383,386,389,392,395,398,401,404,407,410,413],{"date":144,"score":145,"percentile":146},"2025-11-04",0.00075,0.23102,{"date":148,"score":145,"percentile":149},"2025-11-05",0.23095,{"date":151,"score":145,"percentile":152},"2025-11-06",0.23099,{"date":154,"score":145,"percentile":155},"2025-11-07",0.23111,{"date":157,"score":145,"percentile":146},"2025-11-08",{"date":159,"score":145,"percentile":160},"2025-11-09",0.23049,{"date":162,"score":145,"percentile":163},"2025-11-10",0.22988,{"date":165,"score":145,"percentile":166},"2025-11-11",0.23013,{"date":168,"score":145,"percentile":169},"2025-11-12",0.23069,{"date":171,"score":145,"percentile":172},"2025-11-13",0.23072,{"date":174,"score":145,"percentile":175},"2025-11-14",0.23064,{"date":177,"score":145,"percentile":160},"2025-11-15",{"date":179,"score":145,"percentile":180},"2025-11-16",0.22995,{"date":182,"score":145,"percentile":183},"2025-11-17",0.22953,{"date":185,"score":186,"percentile":187},"2025-11-18",0.00319,0.52034,{"date":189,"score":186,"percentile":190},"2025-11-19",0.52047,{"date":192,"score":186,"percentile":193},"2025-11-20",0.52035,{"date":195,"score":145,"percentile":196},"2025-11-21",0.22903,{"date":198,"score":145,"percentile":199},"2025-11-22",0.229,{"date":201,"score":145,"percentile":202},"2025-11-23",0.22861,{"date":204,"score":145,"percentile":205},"2025-11-24",0.22819,{"date":207,"score":145,"percentile":208},"2025-11-25",0.22809,{"date":210,"score":145,"percentile":211},"2025-11-26",0.22795,{"date":213,"score":145,"percentile":214},"2025-11-27",0.22799,{"date":216,"score":145,"percentile":217},"2025-11-28",0.22774,{"date":219,"score":145,"percentile":220},"2025-11-29",0.22757,{"date":222,"score":145,"percentile":223},"2025-11-30",0.22746,{"date":225,"score":145,"percentile":226},"2025-12-01",0.22784,{"date":228,"score":145,"percentile":229},"2025-12-02",0.22801,{"date":231,"score":145,"percentile":232},"2025-12-03",0.22814,{"date":234,"score":145,"percentile":235},"2025-12-04",0.22752,{"date":237,"score":145,"percentile":238},"2025-12-05",0.22797,{"date":240,"score":145,"percentile":214},"2025-12-06",{"date":242,"score":145,"percentile":220},"2025-12-07",{"date":244,"score":245,"percentile":246},"2025-12-08",0.00074,0.2253,{"date":248,"score":249,"percentile":250},"2025-12-09",0.00086,0.25314,{"date":252,"score":249,"percentile":253},"2025-12-10",0.25379,{"date":255,"score":249,"percentile":256},"2025-12-11",0.2539,{"date":258,"score":249,"percentile":259},"2025-12-12",0.25404,{"date":261,"score":249,"percentile":262},"2025-12-13",0.25407,{"date":264,"score":249,"percentile":265},"2025-12-14",0.25378,{"date":267,"score":249,"percentile":268},"2025-12-15",0.25349,{"date":270,"score":249,"percentile":271},"2025-12-16",0.25365,{"date":273,"score":249,"percentile":274},"2025-12-17",0.2544,{"date":276,"score":249,"percentile":277},"2025-12-18",0.25498,{"date":279,"score":249,"percentile":280},"2025-12-19",0.25514,{"date":282,"score":249,"percentile":283},"2025-12-20",0.25484,{"date":285,"score":249,"percentile":286},"2025-12-21",0.25432,{"date":288,"score":249,"percentile":289},"2025-12-22",0.25389,{"date":291,"score":249,"percentile":292},"2025-12-23",0.2536,{"date":294,"score":249,"percentile":295},"2025-12-24",0.2537,{"date":297,"score":249,"percentile":298},"2025-12-25",0.25446,{"date":300,"score":249,"percentile":301},"2025-12-26",0.25434,{"date":303,"score":304,"percentile":305},"2025-12-27",0.00079,0.23954,{"date":307,"score":249,"percentile":308},"2025-12-28",0.25304,{"date":310,"score":249,"percentile":311},"2025-12-29",0.25274,{"date":313,"score":249,"percentile":314},"2025-12-30",0.25271,{"date":316,"score":249,"percentile":317},"2025-12-31",0.25331,{"date":319,"score":249,"percentile":320},"2026-01-01",0.25433,{"date":322,"score":249,"percentile":323},"2026-01-02",0.25424,{"date":325,"score":249,"percentile":326},"2026-01-03",0.25409,{"date":328,"score":249,"percentile":329},"2026-01-04",0.2531,{"date":331,"score":249,"percentile":332},"2026-01-05",0.25292,{"date":334,"score":249,"percentile":335},"2026-01-06",0.253,{"date":337,"score":249,"percentile":338},"2026-01-07",0.25328,{"date":340,"score":249,"percentile":341},"2026-01-08",0.25372,{"date":343,"score":249,"percentile":344},"2026-01-09",0.2535,{"date":346,"score":249,"percentile":347},"2026-01-10",0.25326,{"date":349,"score":249,"percentile":350},"2026-01-11",0.25301,{"date":352,"score":249,"percentile":353},"2026-01-12",0.25258,{"date":355,"score":249,"percentile":356},"2026-01-13",0.25236,{"date":358,"score":249,"percentile":359},"2026-01-14",0.25291,{"date":361,"score":249,"percentile":362},"2026-01-15",0.25281,{"date":364,"score":249,"percentile":365},"2026-01-16",0.25313,{"date":367,"score":368,"percentile":369},"2026-01-17",0.00116,0.30988,{"date":371,"score":372,"percentile":373},"2026-01-18",0.00122,0.31995,{"date":375,"score":372,"percentile":376},"2026-01-19",0.31962,{"date":378,"score":372,"percentile":379},"2026-01-20",0.31947,{"date":381,"score":372,"percentile":382},"2026-01-21",0.319,{"date":384,"score":372,"percentile":385},"2026-01-22",0.31876,{"date":387,"score":372,"percentile":388},"2026-01-23",0.31939,{"date":390,"score":113,"percentile":391},"2026-01-24",0.31606,{"date":393,"score":113,"percentile":394},"2026-01-25",0.31536,{"date":396,"score":113,"percentile":397},"2026-01-26",0.31445,{"date":399,"score":113,"percentile":400},"2026-01-27",0.31432,{"date":402,"score":113,"percentile":403},"2026-01-28",0.31408,{"date":405,"score":113,"percentile":406},"2026-01-29",0.31363,{"date":408,"score":113,"percentile":409},"2026-01-30",0.3135,{"date":411,"score":113,"percentile":412},"2026-01-31",0.31362,{"date":414,"score":113,"percentile":415},"2026-02-01",0.3145,[417,424],{"source":123,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":418,"cvss_v4_0":9},{"baseScore":419,"baseSeverity":420,"vectorString":421,"impactScore":422,"exploitabilityScore":423},3.1,"LOW","CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N",4.2,1.3,{"source":117,"cvss_v2_0":425,"cvss_v3_0":9,"cvss_v3_1":430,"cvss_v4_0":9},{"baseScore":426,"baseSeverity":9,"vectorString":427,"impactScore":428,"exploitabilityScore":429},3.5,"AV:N/AC:M/Au:S/C:N/I:P/A:N",2.9,6.8,{"baseScore":115,"baseSeverity":431,"vectorString":118,"impactScore":432,"exploitabilityScore":433},"MEDIUM",4.5,4.4,[435,445],{"ecosystem":9,"name":436,"vendor":437,"product":436,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":439},"rabbitmq-server","rabbitmq","a",[440],{"version":441,"is_range":442,"range_type":123,"version_start":9,"version_start_type":9,"version_end":443,"version_end_type":444,"fixed_in":9},"\u003C 3.8.18",true,"3.8.18","excluding",{"ecosystem":9,"name":437,"vendor":446,"product":437,"cpe_part":438,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":447},"vmware",[448],{"version":449,"is_range":442,"range_type":450,"version_start":9,"version_start_type":9,"version_end":443,"version_end_type":444,"fixed_in":9},"lt3.8.18","cpe"]