XSS in Grand Vice Info Co. Webopac7
CVE-2021-42838
The book search field parameter in Grand Vice Info Co. Webopac7 does not properly restrict special characters in its input, so unauthenticated remote attackers can inject JavaScript and carry out reflected XSS attacks.
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (44.7th percentile)
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Grand Vice Info Co. Webopac7 — versions 7.1.20160701, 1.8.20160701
- Vice Webopac — versions 1.8.20160701, 7.1.20160701
Weakness classification (CWE)
References
- twcert@cert.org.tw (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-42838?
  - CVE-2021-42838 is a medium-severity vulnerability in Grand Vice Info Co. Webopac7, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-11-15.
- How severe is CVE-2021-42838?
  - Medium severity. CVSS v3 base score is 6.1 out of 10.