CVE-2021-42329

Summary

The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.

Affected Software

VendorProductVersion RangeStatus
ShinHer Information Co., LTD.ShinHer StudyOnline Systemunspecified <= 2021affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References