CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-42856

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 41.6%

CVSS Severity

CVSS v3 Score 4.7

CVSS v2 Score 4.3

References

https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856
https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856

Products affected by CVE-2021-42856

Riverbed » Steelcentral Appinternals Dynamic Sampling Agent » Version: 10.0.0

cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0
Riverbed » Steelcentral Appinternals Dynamic Sampling Agent » Version: 11.0.0

cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:11.0.0
Riverbed » Steelcentral Appinternals Dynamic Sampling Agent » Version: 12.0.0

cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:12.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-42856

Products

Pricing

Contact Us