It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published: 2022-03-09T16:51:56.184251Z

Updated: 2024-09-17T04:18:57.454Z

Reserved: 2021-10-25T00:00:00

Link: CVE-2021-42856

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-03-10T17:44:07.997

Modified: 2024-11-21T06:28:14.190

Link: CVE-2021-42856

cve-icon Redhat

No data.