CVE-2021-42119

Опубликовано: 30 нояб. 2021

Источник: nvd

CVSS3: 7.3

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

Ссылки

https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+Notes
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:businessdnasolutions:topease:*:*:*:*:*:*:*:*

Версия до 7.1.27 (включая)

EPSS

Процентиль: 61%

0.00416

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3hxq-v55q-xvxq

github

около 4 лет назад

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

EPSS

Процентиль: 61%

0.00416

Низкий

7.3 High

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79