CVE-2021-30174 Vulnerability Details

  /     /     /  

CVE-2021-30174 Metadata Quick Info

CVE Published: 11/05/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: twcert | Vendor: RiyaLab Co., Ltd. | Product: CloudISO
Status : PUBLISHED

---

CVE-2021-30174 Description

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.

Metrics

CVSS Version: 3.1 | Base Score: 5.4 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* LOW
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* LOW
    Availability Impact (A)* NONE

Weakness Enumeration (CWE)

CWE-ID: CWE-79
CWE Name: CWE-79 Cross-site Scripting (XSS)
Source: RiyaLab Co., Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).