CVE-2021-29661

{"id": "CVE-2021-29661", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-04-02T19:15:21.053", "references": [{"url": "https://www.gruppotim.it/redteam", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Softing AG OPC Toolbox through 4.10.1.13035 allows /en/diag_values.html Stored XSS via the ITEMLISTVALUES##ITEMID parameter, resulting in JavaScript payload injection into the trace file. This payload will then be triggered every time an authenticated user browses the page containing it."}, {"lang": "es", "value": "Softing AG OPC Toolbox versiones hasta 4.10.1.13035, permite un ataque de tipo XSS Almacenado en el archivo /en/diag_values.html por medio del par\u00e1metro ITEMLISTVALUES##ITEMID, resultando en una inyecci\u00f3n de carga \u00fatil de JavaScript en el archivo de seguimiento. Esta carga \u00fatil se desencadenar\u00e1 cada vez que un usuario autenticado navegue por la p\u00e1gina que lo contiene."}], "lastModified": "2021-04-08T03:20:42.007", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softing:opc_toolbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BC45CA7-6471-41D9-804D-212BD0F03EC7", "versionEndIncluding": "4.10.1.13035"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}