SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
References
| Link | Resource |
|---|---|
| https://github.com/RobertDra/CVE-2021-31862/blob/main/README.md | Exploit, Third Party Advisory |
| https://www.sysaid.com/product/on-premise/latest-release | Release Notes, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-10-29T10:44:30
Updated: 2021-10-29T10:44:30
Reserved: 2021-04-28T00:00:00
Link: CVE-2021-31862
NVD Information
Status: Analyzed
Published: 2021-10-29T11:15:08.477
Modified: 2021-11-03T12:51:38.617
Link: CVE-2021-31862
Redhat Information
No data.
CWE