COINS Construction Cloud
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45227 | 0.00 | — | 0.00 | Apr 14, 2022 | An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | |||
| CVE-2021-45228 | 0.00 | — | 0.00 | Apr 14, 2022 | An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | |||
| CVE-2021-45224 | 0.00 | — | 0.00 | Jan 24, 2022 | An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected… | |||
| CVE-2021-45225 | 0.00 | — | 0.00 | Jan 24, 2022 | An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | |||
| CVE-2021-45226 | 0.00 | — | 0.00 | Jan 24, 2022 | An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites. | |||
| CVE-2021-45223 | 0.00 | — | 0.01 | Jan 24, 2022 | An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes. | |||
| CVE-2021-45222 | 0.00 | — | 0.00 | Jan 24, 2022 | An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel. |
- CVE-2021-45227Apr 14, 2022risk 0.00cvss —epss 0.00
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.
- CVE-2021-45228Apr 14, 2022risk 0.00cvss —epss 0.00
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.
- CVE-2021-45224Jan 24, 2022risk 0.00cvss —epss 0.00
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected…
- CVE-2021-45225Jan 24, 2022risk 0.00cvss —epss 0.00
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).
- CVE-2021-45226Jan 24, 2022risk 0.00cvss —epss 0.00
An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.
- CVE-2021-45223Jan 24, 2022risk 0.00cvss —epss 0.01
An issue was discovered in COINS Construction Cloud 11.12. Due to insufficient input neutralization, it is vulnerable to denial of service attacks via forced server crashes.
- CVE-2021-45222Jan 24, 2022risk 0.00cvss —epss 0.00
An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human ressources interface, it is vulnerable to privilege escalation by HR personnel.