| |
Vulnerability CVE-2021-42329
Published: 2021-10-15
| Description: |
The ??List_Add? function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user??s privilege, remote attackers can inject JavaScript and execute stored XSS attacks. |
Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.5/10 |
2.9/10 |
6.8/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
Single time |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
