CVE-2021-46827

Name: CVE-2021-46827
Creator: NVD / NIST
Published: 2022-07-13T05:15:07.237+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.1/10EPSS 0.40%

Last modified Jun 17, 2026

CVE-2021-46827 is a medium-severity vulnerability rated 6.1/10 on the CVSS scale. An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.

Metrics

CVSS 3.1

6.1/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS Probability

0.40%

31.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions	Update
Sync	Oxygen Publishing Engine	< 22.1	—
Sync	Oxygen Publishing Engine	22.1	2020061014
Sync	Oxygen Publishing Engine	23.1	2021040717
Sync	Oxygen Xml Author	< 22.1	—
Sync	Oxygen Xml Author	22.1	2020061102
Sync	Oxygen Xml Author	23.1	2021030206
Sync	Oxygen Xml Developer	< 22.1	—
Sync	Oxygen Xml Developer	22.1	2020061102
Sync	Oxygen Xml Developer	23.1	2021030206
Sync	Oxygen Xml Editor	< 22.1	—
Sync	Oxygen Xml Editor	22.1	2020061102
Sync	Oxygen Xml Editor	23.1	2021030206
Sync	Oxygen Xml Webhelp	< 22.1	—
Sync	Oxygen Xml Webhelp	22.1	2020061014
Sync	Oxygen Xml Webhelp	23.1	2021030210

References

https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.htmlPatch, Vendor Advisory
https://www.oxygenxml.com/security/advisory/SYNC-2021-072301.htmlPatch, Vendor Advisory

Timeline

Published: Jul 13, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-46827?

How severe is CVE-2021-46827?

CVE-2021-46827 has a CVSS score of 6.1/10 (MEDIUM severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.

How do I fix CVE-2021-46827?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-46827?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST