Lucene search

NCSC.chCVELIST:CVE-2021-42118

HistoryNov 30, 2021 - 11:28 a.m.

CVE-2021-42118 Stored XSS in TopEase

2021-11-3011:28:10

CWE-79

NCSC.ch

www.cve.org

cve-2021-42118

stored xss

topease® platform

business-dna solutions gmbh

web applications

object modification

structure component

account takeover

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

CNA Affected

[
  {
    "product": "TopEase",
    "vendor": "Business-DNA Solutions GmbH",
    "versions": [
      {
        "lessThanOrEqual": "7.1.27",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

confluence.topease.ch/confluence/display/DOC/Release+Notes

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

7.9

Confidence

High

EPSS

0.001

Percentile

29.2%

JSON

Related for CVELIST:CVE-2021-42118