Lucene search
TwcertCVELIST:CVE-2021-32539HistoryMay 28, 2021 - 8:10 a.m.
CVE-2021-32539 Hundred Plus 101EIP - Stored XSS-1
2021-05-2808:10:25
CWE-79
twcert
www.cve.org
3
xss attack
calendar event
remote authentication
special characters
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
29.2%
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack.
CNA Affected
[
{
"product": "101EIP",
"vendor": "Hundred Plus",
"versions": [
{
"status": "affected",
"version": "RELEASE_200925"
}
]
}
]Related
cve
cve
CVE-2021-32539
2021-05-28 08:15:06
nvd
nvd
CVE-2021-32539
2021-05-28 08:15:06
prion
prion
Cross site scripting
2021-05-28 08:15:00
CVSS3
5.4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
5.2
Confidence
High
EPSS
0.001
Percentile
29.2%
Related for CVELIST:CVE-2021-32539