CVE-2021-32544 - CVE.report

CVE-2021-32544 is a disclosure identifier tied to a security vulnerability with the following details. Special characters of IGT search function in igt+ are ... Togglenavigation Home CVE-2021-32544 Publishedon:05/11/202112:00:00AMUTC LastModifiedon:05/14/202107:45:00PMUTC CVE-2021-32544-advisoryforTVN-202104049 Source:Mitre Source:Nist Print:PDF Certainversionsof Igt from IgtProject containthefollowingvulnerability:SpecialcharactersofIGTsearchfunctioninigt+arenotfilteredinspecificfields,whichallowremoteauthenticatedattackerscaninjectmaliciousJavaScriptandcarryoutDOM-basedXSS(Cross-sitescripting)attacks. CVE-2021-32544hasbeenassignedby[email protected]totrackthevulnerability-currentlyratedasMEDIUMseverity.AffectedVendor/Software:IntelligentglobaltechnologyLtd-igt+version=3901 CVSS3Score:5.4-MEDIUM AttackVectorⓘ AttackComplexity PrivilegesRequired UserInteraction NETWORK LOW LOW REQUIRED Scope ConfidentialityImpact IntegrityImpact AvailabilityImpact CHANGED LOW LOW NONE CVSS2Score:3.5-LOW AccessVectorⓘ AccessComplexity Authentication NETWORK MEDIUM SINGLE ConfidentialityImpact IntegrityImpact AvailabilityImpact NONE PARTIAL NONE CVEReferences Description Tagsⓘ Link TWCERT/CC台灣電腦網路危機處理暨協調中心-艾及第資訊雲端社群播課系統-DOM-basedCross-SiteScripting www.twcert.org.twtext/html MISCwww.twcert.org.tw/tw/cp-132-4719-e298a-1.html Byselectingtheselinks,youmaybeleavingCVEreportwebspace.Wehaveprovidedtheselinkstootherwebsitesbecausetheymayhaveinformationthatwouldbeofinteresttoyou.Noinferencesshouldbedrawnonaccountofothersitesbeingreferenced,ornot,fromthispage.Theremaybeotherwebsitesthataremoreappropriateforyourpurpose.CVEreportdoesnotnecessarilyendorsetheviewsexpressed,orconcurwiththefactspresentedonthesesites.Further,CVEreportdoesnotendorseanycommercialproductsthatmaybementionedonthesesites.Pleaseaddresscommentsaboutanylinkedpagesto[email protected]. TherearecurrentlynoQIDsassociatedwiththisCVE KnownAffectedConfigurations(CPEV2.3) Type Vendor Product Version Update Edition Language ApplicationIgtProjectIgt-AllAllAll cpe:2.3:a:igt\+_project:igt\+:-:*:*:*:*:*:*:*: NovendorcommentshavebeensubmittedforthisCVE SocialMentions Source Title Posted(UTC) @CVEreport CVE-2021-32544:SpecialcharactersofIGTsearchfunctioninigt+arenotfilteredinspecificfields,whichallow…twitter.com/i/web/status/1… 2021-05-1106:15:58 /r/netcve CVE-2021-32544 2021-05-1106:41:36 ←PreviousID NextID→