CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-30119

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
https://csirt.divd.nl/CVE-2021-30119
https://csirt.divd.nl/DIVD-2021-00011
https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
https://csirt.divd.nl/CVE-2021-30119
https://csirt.divd.nl/DIVD-2021-00011

Products affected by CVE-2021-30119

Kaseya » Vsa » Version: N/A

cpe:2.3:a:kaseya:vsa:-
Kaseya » Vsa » Version: 9.5.6

cpe:2.3:a:kaseya:vsa:9.5.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-30119

Products

Pricing

Contact Us