### [CVE-2021-32828](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32828)
![](https://img.shields.io/static/v1?label=Product&message=Nuxeo&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=11.5.109%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brightgreen)

### Description

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/Yonathan808/Nuxeo-Vulnerable-a-XXS