Vulnerability Details : CVE-2021-32542
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2021-32542
- cpe:2.3:a:sysjust:cts_web:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32542
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 29 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32542
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST | |
4.7
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N |
2.8
|
1.4
|
TWCERT/CC |
CWE ids for CVE-2021-32542
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: twcert@cert.org.tw (Primary)
References for CVE-2021-32542
-
https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html
TWCERT/CC台灣電腦網路危機處理暨協調中心-嘉實資訊 CTS Web 交易系統 - Reflected XSSThird Party Advisory
-
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
CHT Security Red Team Discovered Several Vulnerabilities in Well-Known Domestic CTS Web Transaction System|中華資安國際 CHT Security Co., Ltd.Third Party Advisory
Jump to