{"id":"CVE-2021-41317","details":"XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.","modified":"2026-05-18T05:53:08.705567155Z","published":"2021-09-17T16:15:07.660Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"fixed":"2021-09-17"}],"cpes":["cpe:2.3:a:xss_hunter_express_project:xss_hunter_express:*:*:*:*:*:*:*:*"],"vendor_product":"xss_hunter_express_project:xss_hunter_express","source":"CPE_FIELD"},{"extracted_events":[{"fixed":"2021-09-17"}],"source":"DESCRIPTION"}]},"references":[{"type":"ADVISORY","url":"https://docs.google.com/document/d/12rq4YIFZLSmZlEsq7d7hYCI1qO5xyIxA1Wrs1m4y9-4/preview"},{"type":"ADVISORY","url":"https://vuln.ryotak.me/advisories/57"},{"type":"FIX","url":"https://github.com/mandatoryprogrammer/xsshunter-express/commit/56bb44ed9024849f64173f71583ecb7d873baba0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mandatoryprogrammer/xsshunter-express","events":[{"introduced":"0"},{"fixed":"56bb44ed9024849f64173f71583ecb7d873baba0"}],"database_specific":{"source":"REFERENCES"}}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41317.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}