CVE-2021-42564
Description
An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers (with permission to provide confidential messages via Cryptshare) to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' substring in the editor parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cryptshare before 5.1.0 allows an open redirect via HTML injection in confidential messages, enabling attackers to redirect recipients to malicious URLs.
Vulnerability
In Cryptshare versions prior to 5.1.0, the editor for confidential messages allows basic HTML formatting but insufficiently sanitizes input. An attacker with permission to send confidential messages can inject a `<meta http-equiv="refresh">` tag to redirect the recipient to an arbitrary URL. This is an open redirect vulnerability (CWE-601) [1].
Exploitation
The attacker must have a license that permits sending confidential messages via Cryptshare. They craft a message containing the malicious meta tag in the editor parameter, which is not properly sanitized. When the recipient views the confidential message, the browser processes the meta refresh and redirects them to the attacker-controlled URL. No user interaction beyond viewing the message is required [1].
Impact
Successful exploitation redirects the victim to an external site, which can be used for phishing attacks or to deliver malware. The attacker gains the ability to deceive the recipient into revealing credentials or other sensitive information. The confidentiality and integrity of the user's session may be compromised [1].
Mitigation
The vendor released version 5.1.0 on 2021-10-28, which fixes the vulnerability. Users should upgrade to Cryptshare 5.1.0 or later. No workaround is mentioned in the advisory [1].
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Cryptshare/Cryptshare
- Range: <5.1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Incomplete server-side HTML sanitization allows injection of a `"
Attack vector
An attacker with permission to send confidential messages via Cryptshare intercepts the upload request and injects a `
Affected code
The advisory identifies the editor parameter in the confidential message upload flow as the vulnerable input point. The server-side HTML sanitization is incomplete, allowing injection of arbitrary HTML tags such as `
What the fix does
The advisory states the solution date as 2021-10-28 and that the fix is included in Cryptshare version 5.1.0, but no patch diff is provided. The remediation involves correcting the incomplete HTML sanitization on the server side so that meta refresh tags and other dangerous HTML constructs are stripped from the editor parameter before rendering the confidential message to the recipient.
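One way to implement the server-side sanitization described above, as an added example that is not Cryptshare's code and not taken from the advisory: an allowlist filter built on Python's standard `html.parser`. The tag allowlist, the function name `sanitize_editor_html` and the sample message are assumptions constructed for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Assumed "basic formatting" allowlist; the advisory does not list the product's tags.
ALLOWED_TAGS = {"b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li"}
VOID_TAGS = {"br"}                    # emitted without a closing tag
DROP_CONTENT = {"script", "style"}    # drop the element body as well as the tag


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []         # sanitized fragments
        self.rejected = []    # stripped tag names, useful for logging and alerting
        self._skip = 0        # >0 while inside a DROP_CONTENT element

    def handle_starttag(self, tag, attrs):
        if tag in DROP_CONTENT:
            self._skip += 1
        if tag not in ALLOWED_TAGS:
            self.rejected.append(tag)      # <meta>, <script>, <a>, ... never pass
        elif not self._skip:
            self.out.append(f"<{tag}>")    # attributes are never copied through

    def handle_endtag(self, tag):
        if tag in DROP_CONTENT and self._skip:
            self._skip -= 1
        elif tag in ALLOWED_TAGS and tag not in VOID_TAGS and not self._skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            # Re-escape text so entity-encoded markup stays inert text.
            self.out.append(escape(data, quote=False))


def sanitize_editor_html(raw):
    """Return (sanitized_html, rejected_tags) for a submitted editor value."""
    parser = AllowlistSanitizer()
    parser.feed(raw)
    parser.close()
    return "".join(parser.out), parser.rejected


# Constructed sample message body (not taken from the advisory).
SAMPLE = ('<p>Invoice attached</p>'
          '<META HTTP-EQUIV="refresh" content="0; url=https://redirect.example/">'
          '<b onclick="x()">Regards</b>')

if __name__ == "__main__":
    print(sanitize_editor_html(SAMPLE))
```

Because the filter rebuilds the output from parsed tokens instead of pattern-matching the raw string, case variations and attribute tricks on disallowed tags do not survive, and the `rejected` list gives the server something to log when a message body contains a stripped tag.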
Preconditions
- auth: Attacker must have a valid Cryptshare account with permission to send confidential messages
- network: Attacker must be able to intercept and modify the HTTP POST request during the upload flow (e.g., via a proxy tool)
- input: The target victim must open the confidential message sent by the attacker
Reproduction
Intercept the POST request to `/Upload2?1-1.0-navigationContainer-navigation-nextButton-link&csrfToken=[...]` when sending a confidential message. Modify the `editor` parameter to include `
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-057.txt (mitre, x_refsource_MISC)