CVE-2021-42119 HIGH

CVE-2021-42119: Stored XSS in Search Function in TopEase

Vendor Business-Dna Solutions Gmbh

Product TopEase

Weakness CWE-79 · XSS

Published November 30, 2021

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

What the vulnerability does

01Description

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

Key dates

02Disclosure timeline

November 30, 2021 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42119 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

Identifiers

CVE CVE-2021-42119

CWE CWE-79

CVSS 7.3 / HIGH

Affected versions