Lucene search

NCSC.chCVELIST:CVE-2021-42552

HistoryMar 16, 2022 - 12:55 p.m.

CVE-2021-42552 Reflected XSS in Archivista

2022-03-1612:55:09

CWE-79

NCSC.ch

www.cve.org

cross-site scripting

archivistabox

javascript

vulnerability

webclient

security

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim’s browser. This issue affects all ArchivistaBox versions prior to 2022/I.

CNA Affected

[
  {
    "product": "ArchivistaBox webclient",
    "vendor": "Archivista GmbH",
    "versions": [
      {
        "lessThan": "2022/I",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

it-sec.de/schwachstelle-in-archivista-dms/

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

34.0%

JSON

Related for CVELIST:CVE-2021-42552