CVE-2021-42329

Name of the Vulnerable Software and Affected Versions ShinHer StudyOnline System (affected versions not specified)

Description The issue concerns the List Add function of the message board in ShinHer StudyOnline System, which fails to filter special characters in the title parameter. This allows remote attackers to inject JavaScript and execute stored XSS attacks after logging in with a user's privilege.

Recommendations For ShinHer StudyOnline System, consider disabling the List Add function until a patch is available to prevent the injection of JavaScript and execution of stored XSS attacks. Restrict access to the message board to minimize the risk of exploitation. Avoid using the title parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.