Lucene search

[email protected]CVE-2021-45476

HistoryOct 27, 2022 - 10:15 a.m.

CVE-2021-45476

2022-10-2710:15:10

CWE-79

[email protected]

web.nvd.nist.gov

cve-2021-45476

yordam library

info document automation

xss vulnerability

nvd

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.

Affected configurations

NVD

Node

yordamlibrary_automation_systemRange<19.02

CPENameOperatorVersion
yordam:library_automation_systemyordam library automation systemlt19.02

CPE	Name	Operator	Version
yordam:library_automation_system	yordam library automation system	lt	19.02

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Yordam Library Information Document Automation Program",
    "vendor": "Yordam Informatics Systems",
    "versions": [
      {
        "lessThan": "19.02",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.usom.gov.tr/bildirim/tr-22-0669

Social References

4.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

4.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.5%

JSON

Related for CVE-2021-45476

prion1 nvd1 cvelist1