CVE-2021-42534 MEDIUM

CVE-2021-42534: Trane Building Automation Controllers Cross-site Scripting

Vendor Trane

Product Tracer SC

Weakness CWE-79 · XSS

Published October 22, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms.

Key dates

02Disclosure timeline

October 22, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-42534 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-20250 CVE-2024-33947 WordPress RegistrationMagic plugin <= 5.3.2.0 - Cross Site Scripting (XSS) vulnerability CVE-2025-69326 WordPress NEX-Forms plugin <= 9.1.7 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2024-39403 Stored XSS through Webhook module public key configuration CVE-2023-5295 Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode