Lucene search

NCSC.chCVELIST:CVE-2021-42551

HistoryJan 14, 2022 - 9:52 a.m.

CVE-2021-42551 Reflected XSS in NetBiblio WebOPAC search functionality

2022-01-1409:52:25

CWE-79

NCSC.ch

www.cve.org

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.2%

JSON

Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.

CNA Affected

[
  {
    "product": "NetBiblio WebOPAC",
    "vendor": "AlCoda",
    "versions": [
      {
        "lessThan": "4.0.0.320",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "next of 4.0.0.328",
        "versionType": "custom"
      },
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "4.0.0.335",
        "versionType": "custom"
      }
    ]
  }
]

References

www.redguard.ch/advisories/netbiblio_webopac.txt

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

47.2%

JSON

Related for CVELIST:CVE-2021-42551