The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html | Third Party Advisory |
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344 | Third Party Advisory |
Configurations
Information
Published : 2021-05-28 01:15
Updated : 2022-06-03 10:31
NVD link : CVE-2021-32542
Mitre link : CVE-2021-32542
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sysjust
- cts_web