{ "CVE_data_meta": { "AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-10-15T11:38:00.000Z", "ID": "CVE-2021-42329", "STATE": "PUBLIC", "TITLE": "ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "ShinHer StudyOnline System", "version": { "version_data": [ { "version_affected": "<=", "version_value": "2021" } ] } } ] }, "vendor_name": "ShinHer Information Co., LTD." } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The \u201cList_Add\u201d function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user\u2019s privilege, remote attackers can inject JavaScript and execute stored XSS attacks." } ] }, "generator": { "engine": "Vulnogram 0.0.9" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html", "name": "https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html" } ] }, "solution": [ { "lang": "eng", "value": "Update ShinHer StudyOnline System to version v2021.08.20.01" } ], "source": { "advisory": "TVN-202110001", "discovery": "EXTERNAL" } }