CVE-2021-32542
low-risk
Published 2021-05-28
The parameters of specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers to remotely perform reflected XSS and obtain the connection token of the user who triggered the attack.
Do I need to act?
- 0.50% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 4.7/10 (Medium), attack vector NETWORK, LOW attack complexity
Affected Products (1): Cts Web
Affected Vendors: none listed
References (4)
Third Party Advisory
https://www.chtsecurity.com/news/40e165e2-e539-49bc-bcf1-e3b27c29e344
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4758-82b05-1.html
Risk score: 26/100 (low-risk)
- Severity: 19/34 · Moderate
- Exploitability: 2/34 · Minimal
- Exposure: 5/34 · Minimal