ID

VAR-202203-1779


CVE

CVE-2021-44310


TITLE

firmware analysis and comparison tool project Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-019184

DESCRIPTION

An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, an attacker could perform stored XSS attacks by inserting JavaScript and HTML code in the user creation functionality. The vulnerability stems from the lack of validation and filtering of user-provided data and output in the user creation function.

Trust: 1.8

sources: NVD: CVE-2021-44310 // JVNDB: JVNDB-2021-019184 // VULHUB: VHN-407503 // VULMON: CVE-2021-44310

AFFECTED PRODUCTS

vendor: analysis and comparison tool, model: analysis and comparison tool, scope: eq, version: 3.2

Trust: 1.0

vendor: analysis and comparison tool, model: project, scope: -, version: -

Trust: 0.8

vendor: analysis and comparison tool, model: project, scope: eq, version: -

Trust: 0.8

vendor: analysis and comparison tool, model: project, scope: eq, version: 3.2

Trust: 0.8

sources: JVNDB: JVNDB-2021-019184 // NVD: CVE-2021-44310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-44310
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-44310
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202203-2540
value: MEDIUM

Trust: 0.6

VULHUB: VHN-407503
value: LOW

Trust: 0.1

VULMON: CVE-2021-44310
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-44310
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-407503
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-44310
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: CVE-2021-44310
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-407503 // VULMON: CVE-2021-44310 // JVNDB: JVNDB-2021-019184 // CNNVD: CNNVD-202203-2540 // NVD: CVE-2021-44310

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.1

problemtype: Cross-site scripting (CWE-79) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-407503 // JVNDB: JVNDB-2021-019184 // NVD: CVE-2021-44310

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-2540

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202203-2540

EXTERNAL IDS

db: NVD, id: CVE-2021-44310

Trust: 3.4

db: JVNDB, id: JVNDB-2021-019184

Trust: 0.8

db: CNNVD, id: CNNVD-202203-2540

Trust: 0.6

db: CNVD, id: CNVD-2022-61450

Trust: 0.1

db: VULHUB, id: VHN-407503

Trust: 0.1

db: VULMON, id: CVE-2021-44310

Trust: 0.1

sources: VULHUB: VHN-407503 // VULMON: CVE-2021-44310 // JVNDB: JVNDB-2021-019184 // CNNVD: CNNVD-202203-2540 // NVD: CVE-2021-44310

REFERENCES

url:https://brainy-sternum-995.notion.site/cve-2021-44310-reserved-e9efc897f9944464b8807d44c6fc21df

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-44310

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-44310/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-407503 // VULMON: CVE-2021-44310 // JVNDB: JVNDB-2021-019184 // CNNVD: CNNVD-202203-2540 // NVD: CVE-2021-44310

SOURCES

db: VULHUB, id: VHN-407503
db: VULMON, id: CVE-2021-44310
db: JVNDB, id: JVNDB-2021-019184
db: CNNVD, id: CNNVD-202203-2540
db: NVD, id: CVE-2021-44310

LAST UPDATE DATE

2024-11-23T22:29:02.382000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-407503, date: 2022-04-08T00:00:00
db: VULMON, id: CVE-2021-44310, date: 2022-04-08T00:00:00
db: JVNDB, id: JVNDB-2021-019184, date: 2023-07-19T08:29:00
db: CNNVD, id: CNNVD-202203-2540, date: 2022-04-11T00:00:00
db: NVD, id: CVE-2021-44310, date: 2024-11-21T06:30:43.203

SOURCES RELEASE DATE

db: VULHUB, id: VHN-407503, date: 2022-03-30T00:00:00
db: VULMON, id: CVE-2021-44310, date: 2022-03-30T00:00:00
db: JVNDB, id: JVNDB-2021-019184, date: 2023-07-19T00:00:00
db: CNNVD, id: CNNVD-202203-2540, date: 2022-03-30T00:00:00
db: NVD, id: CVE-2021-44310, date: 2022-03-30T17:15:10.070