An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-01-24T19:58:24
Updated: 2024-08-04T04:39:20.359Z
Reserved: 2021-12-16T00:00:00
Link: CVE-2021-45224
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-01-24T20:15:08.370
Modified: 2023-10-18T17:24:52.747
Link: CVE-2021-45224
Redhat
No data.