CVE-2021-32542 — MEDIUM (4.7)

Q: How severe is CVE-2021-32542?

CVE-2021-32542 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32542?

Check the references section above for vendor advisories and patch information. Affected products include: Sysjust Cts Web.

Vulnerability Description

The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.

CVSS Score

4.7

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sysjust	Cts Web	< 2021.3.24

Related Weaknesses (CWE)

CWE-79

References

https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.htmlThird Party Advisory
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.htmlThird Party Advisory

FAQ

What is CVE-2021-32542?

CVE-2021-32542 is a vulnerability with a CVSS score of 4.7 (MEDIUM). The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’...

How severe is CVE-2021-32542?

CVE-2021-32542 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32542?

Check the references section above for vendor advisories and patch information. Affected products include: Sysjust Cts Web.