CVE-2021-45228 (GCVE-0-2021-45228)

Vulnerability from cvelistv5 – Published: 2022-04-14 14:00 – Updated: 2024-08-04 04:39
VLAI?
Summary
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.265Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-14T14:00:53.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-45228",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview",
              "refsource": "MISC",
              "url": "https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview"
            },
            {
              "name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt",
              "refsource": "MISC",
              "url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-45228",
    "datePublished": "2022-04-14T14:00:53.000Z",
    "dateReserved": "2021-12-16T00:00:00.000Z",
    "dateUpdated": "2024-08-04T04:39:20.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-45228",
      "date": "2026-04-25",
      "epss": "0.00206",
      "percentile": "0.42767"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0E220D9E-3B07-46DA-A9B6-534B47ACA65F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado un problema de tipo XSS en COINS Construction Cloud versi\\u00f3n 11.12. Debido a una insuficiente neutralizaci\\u00f3n de la entrada del usuario en la descripci\\u00f3n de una tarea, es posible almacenar c\\u00f3digo JavaScript malicioso en la descripci\\u00f3n de la tarea. \\u00c9ste es ejecutado posteriormente cuando es reflejado al usuario\"}]",
      "id": "CVE-2021-45228",
      "lastModified": "2024-11-21T06:32:00.763",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:S/C:N/I:P/A:N\", \"baseScore\": 3.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 6.8, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2022-04-14T15:15:07.677",
      "references": "[{\"url\": \"https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-45228\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2022-04-14T15:15:07.677\",\"lastModified\":\"2024-11-21T06:32:00.763\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado un problema de tipo XSS en COINS Construction Cloud versi\u00f3n 11.12. Debido a una insuficiente neutralizaci\u00f3n de la entrada del usuario en la descripci\u00f3n de una tarea, es posible almacenar c\u00f3digo JavaScript malicioso en la descripci\u00f3n de la tarea. \u00c9ste es ejecutado posteriormente cuando es reflejado al usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:S/C:N/I:P/A:N\",\"baseScore\":3.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":6.8,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coins-global:coins_construction_cloud:11.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E220D9E-3B07-46DA-A9B6-534B47ACA65F\"}]}]}],\"references\":[{\"url\":\"https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-031.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.