QwikSec

Security Database

CVE

CWE

Training

CVE-2021-46872

Published: Jan 13, 2023

Modified: Apr 7, 2025

PUBLISHED

Description

An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/nim-lang/nimforum

https://forum.nim-lang.org/t/8852

https://github.com/nim-lang/Nim/pull/19134

https://github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2

https://github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.