CVE-2021-42856

Summary

It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.

Affected Software

VendorProductVersion RangeStatus
AternitySteelCentral AppInternals Dynamic Sampling Agent10.xaffected
AternitySteelCentral AppInternals Dynamic Sampling Agent12.13.0 < 12.13.0affected
AternitySteelCentral AppInternals Dynamic Sampling Agent11.8.8 < 11.8.8affected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

References