An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.
References
Link | Resource |
---|---|
https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview | Patch Product Vendor Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-053.txt | Exploit Third Party Advisory |
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053 | Third Party Advisory |
https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview | Patch Product Vendor Advisory |
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-053.txt | Exploit Third Party Advisory |
https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:32
Type | Values Removed | Values Added |
---|---|---|
References | () https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview - Patch, Product, Vendor Advisory | |
References | () https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-053.txt - Exploit, Third Party Advisory | |
References | () https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053 - Third Party Advisory |
18 Oct 2023, 17:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:* | |
First Time |
Coins-global coins Construction Cloud
|
|
References | (MISC) https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview - Patch, Product, Vendor Advisory |
Information
Published : 2022-01-24 20:15
Updated : 2024-11-21 06:32
NVD link : CVE-2021-45224
Mitre link : CVE-2021-45224
CVE.ORG link : CVE-2021-45224
JSON object : View
Products Affected
coins-global
- coins_construction_cloud
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')