CVE-2021-42117

Published: Nov 30, 2021Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution.

Affected (1)

Products: Businessdnasolutions: Topease

Businessdnasolutions

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Businessdnasolutions Topease	Up to 7.1.27

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://confluence.topease.ch/confluence/display/DOC/Release+Notes

Source: vulnerability@ncsc.ch

Release NotesVendor Advisory

https://confluence.topease.ch/confluence/display/DOC/Release+Notes

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.