{"containers":{"cna":{"affected":[{"product":"ShinHer StudyOnline System","vendor":"ShinHer Information Co., LTD.","versions":[{"lessThanOrEqual":"2021","status":"affected","version":"unspecified","versionType":"custom"}]}],"datePublic":"2021-10-15T00:00:00.000Z","descriptions":[{"lang":"en","value":"The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-79","description":"CWE-79 Cross-site Scripting (XSS)","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2021-10-15T12:10:29.000Z","orgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","shortName":"twcert"},"references":[{"tags":["x_refsource_MISC"],"url":"https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html"}],"solutions":[{"lang":"en","value":"Update ShinHer StudyOnline System to version v2021.08.20.01"}],"source":{"advisory":"TVN-202110001","discovery":"EXTERNAL"},"title":"ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS","x_generator":{"engine":"Vulnogram 0.0.9"},"x_legacyV4Record":{"CVE_data_meta":{"AKA":"TWCERT/CC","ASSIGNER":"cve@cert.org.tw","DATE_PUBLIC":"2021-10-15T11:38:00.000Z","ID":"CVE-2021-42329","STATE":"PUBLIC","TITLE":"ShinHer Information Co., LTD. ShinHer StudyOnline System - Stored XSS"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"ShinHer StudyOnline System","version":{"version_data":[{"version_affected":"<=","version_value":"2021"}]}}]},"vendor_name":"ShinHer Information Co., LTD."}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.4,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"LOW","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-79 Cross-site Scripting (XSS)"}]}]},"references":{"reference_data":[{"name":"https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html","refsource":"MISC","url":"https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html"}]},"solution":[{"lang":"en","value":"Update ShinHer StudyOnline System to version v2021.08.20.01"}],"source":{"advisory":"TVN-202110001","discovery":"EXTERNAL"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T03:30:38.352Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://www.twcert.org.tw/tw/cp-132-5199-61238-1.html"}]}]},"cveMetadata":{"assignerOrgId":"cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e","assignerShortName":"twcert","cveId":"CVE-2021-42329","datePublished":"2021-10-15T12:10:29.738Z","dateReserved":"2021-10-12T00:00:00.000Z","dateUpdated":"2024-09-17T00:00:29.574Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}