Description
The “List_Add” function of the message board of the ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user privileges, remote attackers can inject JavaScript and execute stored XSS attacks.
References
- Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:xinheinformation:xinhe_teaching_platform_system:v2021:*:*:*:*:*:*:*
EPSS: 0.00148 (Low)
Percentile: 36%
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
github
more than 3 years ago
The “List_Add” function of the message board of the ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user privileges, remote attackers can inject JavaScript and execute stored XSS attacks.
EPSS: 0.00148 (Low)
Percentile: 36%
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79