CVE-2021-42856
Description
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
Risk Information
Base Score
4.7
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.202
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Improper Input Validation Vulnerability (CVE-2021-42856) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234