It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GovTech CSG
Published: 2022-03-09T16:51:56.184251Z
Updated: 2024-09-17T04:18:57.454Z
Reserved: 2021-10-25T00:00:00
Link: CVE-2021-42856
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-03-10T17:44:07.997
Modified: 2024-11-21T06:28:14.190
Link: CVE-2021-42856
Redhat
No data.