CVE-2021-45227
COINS Construction Cloud 11.12 contains a persistent Cross-Site Scripting (XSS) flaw in the file upload flow due to inappropriate handling of HTML IFRAME elements. Root cause: improper IFRAME usage during uploads enables script persistence. Impact is documented as client-side compromise; CVSS sco...