{"id":"CVE-2021-39169","details":"Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading.","modified":"2026-04-10T04:37:24.126052Z","published":"2021-08-27T13:15:07.020Z","related":["GHSA-pmmv-jwqh-f5ww"],"references":[{"type":"FIX","url":"https://github.com/misskey-dev/misskey/commit/ec203f7f795766f76b55fecc9248168c1cdf6c99"},{"type":"FIX","url":"https://github.com/misskey-dev/misskey/security/advisories/GHSA-pmmv-jwqh-f5ww"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/misskey-dev/misskey","events":[{"introduced":"0"},{"fixed":"ec203f7f795766f76b55fecc9248168c1cdf6c99"}]},{"type":"GIT","repo":"https://github.com/syuilo/misskey","events":[{"introduced":"0"},{"fixed":"629b765abcab091c2a0d30ef5e881d28e2badf02"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"12.51.0"}]}}],"versions":["0.0.5018","0.0.5023","0.0.5030","0.0.5042","0.0.5051","0.0.5064","0.0.5074","0.0.5089","1.0.0","1.1.0","1.2.0","1.3.0","1.4.0","1.5.0","1.6.0","1.7.0","10.0.0","10.1.0","10.10.0","10.10.1","10.11.0","10.11.1","10.12.0","10.12.1","10.13.0","10.14.0","10.15.0","10.16.0","10.17.0","10.18.0","10.19.0","10.2.0","10.2.1","10.20.0","10.21.0","10.21.1","10.21.2","10.21.3","10.22.0","10.22.1","10.23.0","10.23.1","10.24.0","10.25.0","10.26.0","10.27.0","10.28.0","10.29.0","10.29.1","10.3.0","10.30.0","10.30.1","10.30.2","10.30.3","10.31.0","10.32.0","10.33.0","10.34.0","10.35.0","10.35.1","10.36.0","10.36.1","10.37.0","10.38.0","10.38.1","10.38.2","10.38.3","10.38.4","10.38.5","10.38.6","10.38.7","10.38.8","10.39.0","10.39.1","10.4.0","10.40.0","10.40.1","10.41.0","10.42.0","10.42.2","10.43.0","10.43.1","10.44.0","10.44.1","10.44.2","10.45.0","10.46.0","10.46.1","10.46.2","10.47.0","10.48.0","10.48.1","10.49.0","10.49.1","10.49.2","10.49.3","10.49.4","10.49.5","10.49.6","10.49.7","10.5.0","10.50.0","10.51.0","10.51.1","10.51.2","10.52.0","10.53.0","10.54.0","10.55.0","10.56.0","10.56.1","10.56.2","10.57.0","10.57.1","10.57.2","10.57.3","10.58.0","10.58.1","10.58.2","10.59.0","10.59.1","10.59.2","10.59.3","10.59.4","10.6.0","10.60.0","10.60.1","10.60.2","10.60.3","10.60.4","10.61.0","10.62.0","10.62.1","10.62.2","10.63.0","10.63.1","10.64.0","10.64.1","10.64.2","10.65.0","10.66.0","10.66.1","10.66.2","10.67.0","10.68.0","10.69.0","10.7.0","10.7.1","10.7.2","10.70.0","10.70.1","10.71.0","10.72.0","10.73.0","10.74.0","10.75.0","10.76.0","10.77.0","10.78.0","10.78.1","10.78.2","10.78.3","10.78.4","10.78.5","10.79.0","10.79.1","10.8.0","10.80.0","10.81.0","10.82.0","10.82.1","10.82.2","10.82.3","10.82.4","10.83.0","10.84.0","10.84.1","10.84.2","10.85.0","10.85.1","10.85.2","10.86.0","10.86.1","10.86.2","10.87.0","10.87.1","10.87.2","10.87.3","10.87.4","10.87.5","10.88.0","10.89.0","10.89.1","10.9.0","10.9.1","10.9.2","10.90.0","10.90.1","10.90.2","10.90.3","10.90.4","10.91.0","10.91.1","10.91.2","10.92.0","10.92.1","10.92.2","10.92.3","10.92.4","10.93.0","10.93.1","10.94.0","10.95.0","10.96.0","10.97.0","10.97.1","10.97.2","10.98.0","10.98.1","10.98.2","10.98.3","10.99.0","11.0.0-alpha.1","11.0.0-alpha.10","11.0.0-alpha.2","11.0.0-alpha.3","11.0.0-alpha.4","11.0.0-alpha.5","11.0.0-alpha.6","11.0.0-alpha.7","11.0.0-alpha.8","11.0.0-beta.1","11.0.0-beta.10","11.0.0-beta.11","11.0.0-beta.12","11.0.0-beta.13","11.0.0-beta.14","11.0.0-beta.15","11.0.0-beta.16","11.0.0-beta.2","11.0.0-beta.3","11.0.0-beta.4","11.0.0-beta.5","11.0.0-beta.6","11.0.0-beta.7","11.0.0-beta.8","11.0.0-beta.9","11.26.1","11.26.2","11.27.0","11.27.1","11.28.0","11.28.1","11.28.2","11.29.0","11.30.0","11.31.0","11.31.1","11.31.2","11.31.3","11.31.4","11.32.0","11.33.0","11.34.0","11.35.0","11.35.1","11.36.0","11.37.0","11.37.1","12.0.0","12.1.0","12.10.0","12.11.0","12.12.0","12.13.0","12.14.0","12.15.0","12.16.0","12.17.0","12.18.0","12.18.1","12.19.0","12.2.0","12.20.0","12.21.0","12.29.0","12.3.0","12.30.0","12.31.0","12.32.0","12.33.0","12.34.0","12.35.0","12.35.1","12.35.2","12.36.0","12.36.1","12.37.0","12.38.0","12.38.1","12.39.0","12.39.1","12.4.0","12.4.1","12.40.0","12.41.0","12.41.1","12.41.2","12.41.3","12.42.0","12.43.0","12.44.0","12.44.1","12.45.0","12.45.1","12.46.0","12.47.0","12.47.1","12.48.0","12.48.1","12.48.2","12.48.3","12.49.0","12.49.1","12.5.0","12.50.0","12.6.0","12.7.0","12.7.1","12.8.0","12.9.0","2.0.0","2.1.1","2.1.2","2.1.3","2.1.4","2.10.0","2.10.1","2.11.0","2.12.0","2.13.0","2.14.0","2.15.0","2.16.0","2.16.1","2.16.2","2.16.3","2.16.4","2.16.5","2.16.6","2.16.7","2.16.8","2.17.0","2.18.0","2.18.2","2.19.0","2.2.0","2.20.0","2.20.1","2.21.0","2.21.1","2.22.0","2.22.1","2.22.2","2.22.3","2.23.0","2.24.0","2.24.1","2.24.2","2.25.1","2.25.2","2.27.3","2.29.0","2.29.1","2.3.0","2.3.1","2.30.0","2.30.1","2.31.0","2.32.0","2.33.0","2.33.1","2.34.0","2.34.1","2.34.3","2.35.1","2.35.2","2.35.3","2.36.1","2.37.1","2.37.2","2.37.3","2.37.4","2.37.5","2.37.6","2.37.7","2.38.2","2.38.3","2.4.0","2.40.0","2.40.1","2.41.1","2.42.0","2.5.0","2.6.2","2.7.1","2.9.0","2.9.1","3.0.1","3.1.0","3.1.1","4.10.0","4.11.0","4.12.0","4.13.0","4.14.0","4.15.0","4.17.1","4.19.1","4.2.0","4.20.0","4.22.1","4.23.1","4.24.1","4.25.0","4.26.0","4.3.0","4.3.1","4.5.0","4.7.0","4.7.1","4.9.0","5.0.0","5.1.0","5.10.0","5.11.0","5.12.0","5.13.0","5.13.1","5.13.2","5.14.0","5.15.0","5.16.0","5.17.0","5.18.0","5.19.0","5.20.0","5.20.1","5.21.0","5.22.0","5.22.1","5.23.0","5.23.1","5.23.2","5.24.0","5.24.1","5.25.0","5.3.0","5.4.0","5.5.0","5.6.1","5.6.2","6.0.0","6.0.1","6.0.2","6.1.0","6.2.0","6.3.0","6.4.0","6.4.1","7.0.0","7.0.2","7.1.0","7.1.1","7.1.2","7.2.0","7.3.0","8.17.0","8.18.0","8.19.0","8.19.1","8.20.0","8.21.0","8.23.0","8.24.0","8.25.0","8.26.0","8.27.0","8.28.0","8.28.1","8.29.0","8.30.0","8.31.0","8.32.0","8.33.0","8.34.0","8.34.1","8.34.2","8.34.3","8.34.4","8.35.0","8.36.0","8.37.0","8.38.0","8.39.0","8.40.0","8.41.0","8.42.0","8.43.0","8.44.0","8.44.1","8.45.0","8.45.1","8.46.0","8.47.0","8.48.0","8.49.0","8.5.1","8.50.0","8.51.0","8.52.0","8.53.0","8.54.0","8.55.0","8.56.0","8.57.0","8.57.1","8.58.0","8.59.0","8.60.0","8.61.0","8.62.0","8.63.0","8.64.0","9.0.0","9.1.0","9.2.0","9.3.0","9.3.1","9.4.0","9.5.0","9.6.0","9.7.0","9.7.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39169.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}