{"id":"CVE-2020-21266","details":"Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability.","modified":"2026-07-08T06:01:06.805536434Z","published":"2020-10-29T14:15:12.570Z","database_specific":{},"references":[{"type":"ADVISORY","url":"https://www.broadleafcommerce.com/docs/core/5.1/release-notes/5.1.15-ga"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/broadleafcommerce/broadleafcommerce","events":[{"introduced":"876193031be426e848a8faf19cf164a649428801"},{"last_affected":"876193031be426e848a8faf19cf164a649428801"}],"database_specific":{"source":"CPE_STRING","cpe":"cpe:2.3:a:broadleafcommerce:broadleaf_commerce:5.1.14-ga:*:*:*:*:*:*:*","extracted_events":[{"introduced":"5.1.14-ga"},{"last_affected":"5.1.14-ga"}]}}],"versions":["5.1.14-ga","broadleaf-5.1.14-GA"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21266.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}