CVE-2021-30174

{"id": "CVE-2021-30174", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2021-05-11T06:15:06.860", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-4718-f16df-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-4718-f16df-1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks."}, {"lang": "es", "value": "Es agregado el elemento de evento RiyaLab CloudISO, los caracteres especiales en un campo espec\u00edfico de la p\u00e1gina de administraci\u00f3n del tiempo no son filtrados apropiadamente, permitiendo a unos atacantes autenticados remotos puedan inyectar JavaScript malicioso y realizar ataques de tipo XSS (Stored Cross-site scripting) almacenado"}], "lastModified": "2024-11-21T06:03:27.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ruiyanai:cloudiso:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DC5298E-5671-4BFD-A37F-3104AB4BFE60", "versionEndExcluding": "2021.2a"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}