CVE-2021-30174

RiyaLab CloudISO event item is added, special characters in specific field of time management page are not properly filtered, which allow remote authenticated attackers can inject malicious JavaScript and carry out stored XSS (Stored Cross-site scripting) attacks.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-4718-f16df-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ruiyanai:cloudiso:*:*:*:*:*:*:*:*

History

17 May 2021, 20:30

Type Values Removed Values Added
References (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4718-f16df-1.html - (CONFIRM) https://www.twcert.org.tw/tw/cp-132-4718-f16df-1.html - Third Party Advisory
CPE cpe:2.3:a:ruiyanai:cloudiso:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 5.4
v2 : 3.5
v3 : 5.4

11 May 2021, 12:07

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4
CWE CWE-79

11 May 2021, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-11 06:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-30174

Mitre link : CVE-2021-30174

CVE.ORG link : CVE-2021-30174


JSON object : View

Products Affected

ruiyanai

  • cloudiso
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')