Home / Security updates / UIPS-2021-001 - Security Advisory - UiPath Assistant - Content injection via URI handler
UIPS-2021-001 - Security Advisory - UiPath Assistant - Content injection via URI handler
Security updates detail rendered from /security-updates/upd_42d086e7c8875e6c.
Overview
| ID | upd_42d086e7c8875e6c |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | UiPath |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_42d086e7c8875e6c |
| providerId | safebase |
| organizationId | org_33d000fdc8a62017 |
| trustCenterId | tc_7d7ee18589030c52 |
| title | UIPS-2021-001 - Security Advisory - UiPath Assistant - Content injection via URI handler |
| message | **Title: UiPath Assistant - Content injection via URI handler** Publish Date: Dec 7, 2021 Version: 1.0 General Information Affected Versions: Assistant 2021.4 to 2021.4.5 Assistant 2021.10 to 2021.10.3 CVSS Score: 4.7 Details: An issue was fixed in one command line parameter, the process name, which was reflected in the user interface of Assistant. The functionality allowed users to see details regarding the process name when they encountered an error. It was possible for a malicious web page to open the desktop application and to input arbitrary text which was displayed in the user interface of the Assistant. Release Notes: *Links to release notes have been removed as no version is still in support when migrating this advisory to https://trust.uipath.com on November 21, 2025. Links below have been replaced with the latest version of each product affected.* [Latest Overall Version](https://download.uipath.com/UiPathStudio.msi) Suggested Actions: Update to latest Assistant patches a |
| url | - |
| publishedAt | 2025-11-21 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "vulnerabilities"
} |
| company | {
"id": "org_33d000fdc8a62017",
"name": "UiPath",
"domains": [
"trust.uipath.com",
"uipath.com"
]
} |
| trust_center | {
"id": "tc_7d7ee18589030c52",
"name": "UiPath",
"url": "https://trust.uipath.com",
"host": "trust.uipath.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_42d086e7c8875e6c",
"company": "/v1/companies/org_33d000fdc8a62017",
"trust_center": "/v1/trust-centers/tc_7d7ee18589030c52",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_42d086e7c8875e6cJSON