CVE-2021-46355

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).

CVSS v3 5.4 MEDIUM
CVSS v2.0 3.5 LOW

5.4^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://ocs.com	Not Applicable
https://medium.com/%40windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e
http://ocs.com	Not Applicable
https://medium.com/%40windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e

Configurations

Configuration 1 (hide)

cpe:2.3:a:factorfx:ocs_inventory:2.9.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-11 13:15

Updated : 2024-11-21 06:33

NVD link : CVE-2021-46355

Mitre link : CVE-2021-46355

CVE.ORG link : CVE-2021-46355

JSON object : View

Products Affected

factorfx

ocs_inventory

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2021-46355", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2022-02-11T13:15:07.963", "references": [{"url": "http://ocs.com", "tags": ["Not Applicable"], "source": "cve@mitre.org"}, {"url": "https://medium.com/%40windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e", "source": "cve@mitre.org"}, {"url": "http://ocs.com", "tags": ["Not Applicable"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://medium.com/%40windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS)."}, {"lang": "es", "value": "OCS Inventory versi\u00f3n 2.9.1, est\u00e1 afectado por un ataque de tipo Cross Site Scripting (XSS). Para explotar la vulnerabilidad, el atacante necesita manipular el nombre de alg\u00fan dispositivo de su ordenador, como una impresora, sustituyendo el nombre del dispositivo por alg\u00fan c\u00f3digo malicioso que permita una ejecuci\u00f3n de tipo Cross-site Scripting (XSS) Almacenado"}], "lastModified": "2024-11-21T06:33:57.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:factorfx:ocs_inventory:2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDB6C3E-EE9A-445E-AD15-40A9D7E579A0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}