QwikSec

Security Database

CVE

CWE

Training

CVE-2021-45224

Published: Jan 24, 2022

Modified: Aug 4, 2024

PUBLISHED

Description

An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://appsource.microsoft.com/en-us/product/web-apps/constructionindustrysolutionslimited-5057232.coinsconstructioncloud?tab=overview

x_refsource_MISC

https://www.syss.de/pentest-blog/multiple-schwachstellen-im-coins-construction-cloud-erp-syss-2021-028/-029/-030/-031/-051/-052/-053

x_refsource_MISC

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-053.txt

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.