CVE-2021-38428 MEDIUM

CVE-2021-38428: Delta Electronics DIALink

Vendor Delta Electronics

Product DIALink

Weakness CWE-79 · XSS

Published November 3, 2021

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

5.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.

Key dates

02Disclosure timeline

November 3, 2021 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-38428 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-2972 a466350665 Smart-SSO Role Edit UserController.java save cross site scripting CVE-2026-1575 Schema Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2019-25311 thesystem Persistent XSS CVE-2024-4687 Campcodes Complete Web-Based School Management System create_events.php cross site scripting CVE-2024-5165 Eclipse Ditto User Interface vulnerable to XSS due to Improper Neutralization of Input