CVE-2021-44598

{"id": "CVE-2021-44598", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2021-12-26T15:15:07.497", "references": [{"url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44598", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system."}, {"lang": "es", "value": "Attendance Management System versi\u00f3n 1.0 est\u00e1 afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS). El valor del par\u00e1metro de petici\u00f3n FirstRecord es copiado en el valor de un atributo de la etiqueta HTML que est\u00e1 encapsulado entre comillas dobles. El atacante puede acceder al sistema, usando el m\u00e9todo de tipo XSS-reflejado, y luego puede almacenar informaci\u00f3n inyectando la cuenta de administrador en este sistema"}], "lastModified": "2022-01-05T21:47:39.337", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:attendance_management_system_project:attendance_management_system:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F39BD64B-8331-483D-B960-7F6EF212978A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}