CVE-2021-42119

Name of the Vulnerable Software and Affected Versions TopEase Platform versions prior to 7.1.28

Description The issue allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes via the Search Functionality. This can alter the intended functionality and potentially lead to account takeover by stealing cookies.

Recommendations For versions prior to 7.1.28, update to version 7.1.28 or later to resolve the issue. As a temporary workaround, consider restricting access to the Search Functionality for users with Object Modification privileges until the update is applied.