CVE-2021-30174 MEDIUM

CVE-2021-30174: RiyaLab Co., Ltd. CloudISO - Stored XSS

Vendor Riyalab Co., Ltd.
Product CloudISO
Weakness CWE-79 · XSS
Published May 11, 2021
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.

Key dates

02Disclosure timeline

May 11, 2021 CVE published
September 16, 2024 Record updated