On 19 August 2025, I contributed a CVE-2021-20086 template to ProjectDiscovery (Nuclei Templates). On 11 September 2025, the CVE-2021-20086 template was under review. On 08 October 2025, the CVE-2021-20086 template was approved.
info:
  name: Odoo Apps - XSS via Prototype Pollution
  author: 1337rokudenashi
  severity: high
  description: |
    jquery-bbq 1.2.1 contains a prototype pollution caused by improperly controlled modification of object prototype attributes, letting malicious users inject properties into Object.prototype, exploit requires malicious user interaction.
  impact: |
    Attackers can modify Object.prototype, leading to potential security issues like property overwrites and application behavior manipulation.
  remediation: |
    Update to the latest version of jquery-bbq that addresses this vulnerability or apply patches to prevent prototype pollution.
  reference:
    - https://www.tenable.com/security/research/tra-2022-10
    - https://nvd.nist.gov/vuln/detail/CVE-2021-20086
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2021-20086
    cwe-id: CWE-1321
    epss-score: 0.37071
    epss-percentile: 0.96989
    cpe: cpe:2.3:a:jquery-bbq_project:jquery-bbq:1.2.1:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: jquery-bbq_project
    product: jquery-bbq
    shodan-query: html:"Odoo"
  tags: cve,cve2021,odoo,xss,proto,jquery,vuln
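
The weakness class named in the template (CWE-1321), shown as an added example that is neither jquery-bbq's code nor part of the template: a naive nested-key query-string parser next to a hardened one. All function names and the sample query are hypothetical and constructed for illustration.

```javascript
// Added example: hypothetical helpers, constructed input.
// Splits a bracketed key such as "a[b][c]" into ["a", "b", "c"].
function keyPath(key) {
  return key.split(/[\[\]]+/).filter(Boolean);
}

// Keys that reach the prototype chain instead of the object's own data.
const BLOCKED = new Set(["__proto__", "constructor", "prototype"]);

// Naive parser: follows whatever path the query string names.
function parseNaive(query) {
  const out = {};
  for (const [k, v] of new URLSearchParams(query)) {
    const path = keyPath(k);
    if (path.length === 0) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== "object" || node[part] === null) node[part] = {};
      node = node[part]; // "__proto__" resolves to Object.prototype here
    }
    node[path[path.length - 1]] = v;
  }
  return out;
}

// Hardened parser: rejects prototype-reaching keys and builds
// null-prototype objects, so lookups only ever see own properties.
function parseSafe(query) {
  const out = Object.create(null);
  for (const [k, v] of new URLSearchParams(query)) {
    const path = keyPath(k);
    if (path.length === 0 || path.some((p) => BLOCKED.has(p))) continue;
    let node = out;
    for (const part of path.slice(0, -1)) {
      if (typeof node[part] !== "object" || node[part] === null) {
        node[part] = Object.create(null);
      }
      node = node[part];
    }
    node[path[path.length - 1]] = v;
  }
  return out;
}

// Parses a constructed query, then checks whether an unrelated object
// inherited the injected property. Cleans up Object.prototype afterwards.
function demo(parser) {
  const parsed = parser("page=2&__proto__[polluted]=yes");
  const leaked = ({}).polluted;
  delete Object.prototype.polluted;
  return { page: parsed.page, leaked };
}
```

`demo(parseNaive)` reports the injected property on a fresh, unrelated object, while `demo(parseSafe)` parses the legitimate parameter and leaves `Object.prototype` untouched.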