{"id":"CVE-2021-46872","details":"An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)","modified":"2026-07-09T02:48:58.586775Z","published":"2023-01-13T06:15:10.940Z","references":[{"type":"ADVISORY","url":"https://github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2"},{"type":"ADVISORY","url":"https://github.com/nim-lang/nimforum"},{"type":"REPORT","url":"https://forum.nim-lang.org/t/8852"},{"type":"FIX","url":"https://github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7"},{"type":"FIX","url":"https://github.com/nim-lang/Nim/pull/19134"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nim-lang/nim","events":[{"introduced":"0"},{"fixed":"9084d9bc02bcd983b81a4c76a05f27b9ce2707dd"},{"fixed":"46275126b89218e64844eee169e8ced05dd0e2d7"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"1.6.2"}],"source":["CPE_RANGE","REFERENCES"],"cpe":"cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*"}}],"versions":["v1.6.0","v1.0.0","v0.20.0","v0.19.0","v0.18.0","v0.17.2","v0.17.0","v0.16.0","v0.15.2","v0.14.2","v0.15.0","v0.14.0","v0.13.0","v0.12.0","v0.11.2","v0.11.0","v0.10.2","v0.9.4","v0.9.2","v0.9.0","v0.8.14"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46872.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/nim-lang/nimforum","events":[{"introduced":"0"},{"fixed":"26a3bb993c186d5a5c4c2464aa2c13a0cba9ef4c"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"2.2.0"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:nim-lang:nimforum:*:*:*:*:*:nim:*:*"}}],"versions":["v2.1.0","v2.0.1","v2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-46872.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}