cvelist | GovTech CSG | CVELIST:CVE-2021-42856
History: Mar 09, 2022 - 4:51 p.m.

CVE-2021-42856 Reflected Cross-site Scripting at DsaDataTest

2022-03-09 16:51:56
CWE-20
GovTech CSG
www.cve.org
cve-2021-42856
cross-site scripting
dsadatatest
endpoint
xss vulnerability

CVSS3: 4.7

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

EPSS: 0.001
Percentile: 31.3%

The /DsaDataTest endpoint is susceptible to reflected cross-site scripting (XSS). The Metric parameter has no input checks on user input, which allows an attacker to craft a malicious payload that triggers the XSS vulnerability.

CNA Affected

[
  {
    "product": "SteelCentral AppInternals Dynamic Sampling Agent",
    "vendor": "Aternity",
    "versions": [
      {
        "status": "affected",
        "version": "10.x"
      },
      {
        "lessThan": "12.13.0",
        "status": "affected",
        "version": "12.13.0",
        "versionType": "custom"
      },
      {
        "lessThan": "11.8.8",
        "status": "affected",
        "version": "11.8.8",
        "versionType": "custom"
      }
    ]
  }
]
