CVE-2021-42117 LOW

CVE-2021-42117: UI Redressing in TopEase

Vendor Business-Dna Solutions Gmbh

Product TopEase

Weakness CWE-20 · Input validation

Published November 30, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

3.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.

Key dates

02Disclosure timeline

November 30, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42117

Related vulnerabilities

Identifiers

CVE CVE-2021-42117

CWE CWE-20

CVSS 3.5 / LOW

Affected versions