CVE-2021-45476

Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.usom.gov.tr/bildirim/tr-22-0669	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:yordam:library_automation_system:*:*:*:*:*:*:*:*

History

17 Sep 2024, 03:15

Type	Values Removed	Values Added
Summary	~~(en) Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.~~	(en) Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.

28 Oct 2022, 17:34

Type	Values Removed	Values Added
References	~~(CONFIRM) https://www.usom.gov.tr/bildirim/tr-22-0669 -~~	(CONFIRM) https://www.usom.gov.tr/bildirim/tr-22-0669 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.1
CPE		cpe:2.3:a:yordam:library_automation_system::::::::
CWE		CWE-79

27 Oct 2022, 11:28

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-10-27 10:15

Updated : 2024-09-17 03:15

NVD link : CVE-2021-45476

Mitre link : CVE-2021-45476

CVE.ORG link : CVE-2021-45476

JSON object : View

Products Affected

yordam

library_automation_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.7 /10