Lucene search

[email protected]NVD:CVE-2021-41565

HistoryOct 08, 2021 - 4:15 p.m.

CVE-2021-41565

2021-10-0816:15:07

CWE-79

[email protected]

web.nvd.nist.gov

tadtools

special page

remote attackers

inject

javascript syntax

logging in

reflective xss attacks

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.8%

JSON

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.

Affected configurations

Nvd

Node

tadtools_projecttadtoolsRange<3.2.2

VendorProductVersionCPE
tadtools_projecttadtools*cpe:2.3:a:tadtools_project:tadtools:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tadtools_project	tadtools	*	cpe:2.3:a:tadtools_project:tadtools::::::::

References

www.twcert.org.tw/tw/cp-132-5169-327ef-1.html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

44.8%

JSON

Related for NVD:CVE-2021-41565

prion1 cve1 cvelist1