PT-2021-17105 · Redwood · Redwood Report2Web

Published: 2021-02-05 · Updated: 2022-02-04 · CVE-2021-26711

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Redwood Report2Web versions 4.3.4.5 through 4.5.3

Description: A frame-injection issue in the online help of Redwood Report2Web allows remote attackers to render an external resource inside a frame via the "help/Online Help/NetHelp/default.htm" turl parameter.

Recommendations: For versions 4.3.4.5 through 4.5.3, consider disabling access to the "help/Online Help/NetHelp/default.htm" endpoint until a patch is available. Restrict the use of the turl parameter in the affected API endpoint to minimize the risk of exploitation.
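
One way to apply the turl restriction recommended above when reviewing web server logs or filtering at a proxy. This is an added example, not Redwood code: it assumes turl is passed in the query string and appears in the access log, the function names are hypothetical, and the log lines are constructed samples.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path from the advisory; any deployment prefix in front of it is unknown.
HELP_PATH = "/help/online help/nethelp/default.htm"
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def turl_is_external(value):
    """True when a turl value names a resource outside the application's own origin."""
    v = unquote(value).strip().replace("\\", "/")  # decode once more, normalise backslashes
    if v.startswith("//"):                         # scheme-relative URL
        return True
    parts = urlsplit(v)
    return bool(parts.scheme or parts.netloc)      # absolute URL or any explicit scheme

def flag_requests(log_lines):
    """Return the log lines that hit the help endpoint with an external turl value."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not unquote(target.path).lower().endswith(HELP_PATH):
            continue
        values = parse_qs(target.query, keep_blank_values=True).get("turl", [])
        if any(turl_is_external(v) for v in values):
            hits.append(line)
    return hits

# Constructed sample access-log lines; addresses and hosts are reserved example values.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2021:10:00:00 +0000] "GET /help/Online%20Help/NetHelp/default.htm?turl=Documents%2Fintro.htm HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Feb/2021:10:01:00 +0000] "GET /help/Online%20Help/NetHelp/default.htm?turl=https%3A%2F%2Fexternal.example%2Fpage HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Feb/2021:10:02:00 +0000] "GET /help/Online%20Help/NetHelp/default.htm?turl=%2F%2Fexternal.example%2F HTTP/1.1" 200 512',
    '192.0.2.10 - - [05/Feb/2021:10:03:00 +0000] "GET /reports/list HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for line in flag_requests(SAMPLE_LOG):
        print("external turl:", line)
```

The same turl_is_external check can back an allowlist rule that rejects the request instead of only reporting it.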

Related Identifiers: CVE-2021-26711

Affected Products: Redwood Report2Web