Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-42856
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Reflected Cross-site Scripting at DsaDataTest
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Aternity SteelCentral AppInternals 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Aternity SteelCentral AppInternals是美国Aternity公司的一个监控现代自动化解决方案。提供应用程序性能监控 (APM) 和诊断。 Aternity SteelCentral AppInternals 存在安全漏洞,该漏洞允许攻击者制作自己的恶意负载来触发 XSS 漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
AternitySteelCentral AppInternals Dynamic Sampling Agent 10.x -
II. Public POCs for CVE-2021-42856
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-42856
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: SteelCentral AppInternals Dynamic Sampling Agent
Same vendor: Aternity
Same weakness: CWE-20
V. Comments for CVE-2021-42856

No comments yet

Leave a comment