CVE-2021-45228

{"id": "CVE-2021-45228", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-04-14T15:15:07.677", "references": [{"url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview", "tags": ["Patch", "Product", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user."}, {"lang": "es", "value": "Se ha detectado un problema de tipo XSS en COINS Construction Cloud versi\u00f3n 11.12. Debido a una insuficiente neutralizaci\u00f3n de la entrada del usuario en la descripci\u00f3n de una tarea, es posible almacenar c\u00f3digo JavaScript malicioso en la descripci\u00f3n de la tarea. \u00c9ste es ejecutado posteriormente cuando es reflejado al usuario"}], "lastModified": "2022-04-21T09:21:28.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E220D9E-3B07-46DA-A9B6-534B47ACA65F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}