CVE-2021-42119 — HIGH (7.3)

Q: How severe is CVE-2021-42119?

CVE-2021-42119 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-42119?

Check the references section above for vendor advisories and patch information. Affected products include: Businessdnasolutions Topease.

Vulnerability Description

Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Businessdnasolutions	Topease	<= 7.1.27

Related Weaknesses (CWE)

CWE-79

References

https://confluence.topease.ch/confluence/display/DOC/Release+NotesRelease NotesVendor Advisory
https://confluence.topease.ch/confluence/display/DOC/Release+NotesRelease NotesVendor Advisory

FAQ

What is CVE-2021-42119?

CVE-2021-42119 is a vulnerability with a CVSS score of 7.3 (HIGH). Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object M...

How severe is CVE-2021-42119?

CVE-2021-42119 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-42119?

Check the references section above for vendor advisories and patch information. Affected products include: Businessdnasolutions Topease.