XSS in Grand Vice Info Co. Webopac7

CVE-2021-42838

Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.006 (44.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2021-42838?
CVE-2021-42838 is a medium-severity vulnerability in Grand Vice Info Co. Webopac7, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2021-11-15.
How severe is CVE-2021-42838?
Medium severity. CVSS v3 base score is 6.1 out of 10.