CVE-2021-42118
Stored XSS in TopEase
Public Exploits: 0
Descriptions
Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover.
Timeline
- 2021-10-08 CVE Reserved
- 2021-11-30 CVE Published
- 2023-06-23 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date | SRC |
---|---|---|
https://confluence.topease.ch/confluence/display/DOC/Release+Notes | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Businessdnasolutions | Topease | <= 7.1.27 | - | Affected |