PT-2022-12309 · Unknown · Coins Construction Cloud

Jürgen Zöller · Published 2022-01-24 · Updated 2023-10-18 · CVE-2021-45224

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

COINS Construction Cloud version 11.12

Description

An issue was discovered in the application where JavaScript code is passed as a URL parameter in several locations. This allows attackers to alter the code and cause malicious behavior, making the application vulnerable to reflected XSS via malicious URLs.

Recommendations

For COINS Construction Cloud version 11.12, consider restricting access to URL parameters that accept JavaScript code to minimize the risk of exploitation. As a temporary workaround, avoid using URLs with JavaScript code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
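
The design change that removes this class of bug, shown as an added example (not code from COINS or from this advisory): the URL carries only a short action name that is looked up in a fixed table, so no parameter value is ever treated as code. The parameter names `action` and `arg`, the action names and the sample URLs are assumptions constructed for the illustration.

```javascript
// Added example with hypothetical names; not COINS code.

// Fixed table of actions a link may trigger. A URL can select one of
// these by name, but it can never supply the code that runs.
const ACTIONS = Object.freeze({
  openReport: (arg) => ({ op: 'openReport', id: arg }),
  closeDialog: () => ({ op: 'closeDialog' }),
});

// The optional argument is limited to a conservative identifier alphabet.
const SAFE_ARG = /^[A-Za-z0-9_-]{1,64}$/;

// Resolve the `action` and `arg` query parameters of a URL against the
// allowlist. Returns { ok: true, result } or { ok: false, reason }.
function resolveAction(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl, 'https://app.example.invalid');
  } catch {
    return { ok: false, reason: 'malformed-url' };
  }
  // Exactly one `action` value: duplicates are a common way to confuse
  // a front-end filter and the code behind it.
  const names = url.searchParams.getAll('action');
  if (names.length !== 1) return { ok: false, reason: 'action-count' };
  const name = names[0];
  // Own-property check rejects inherited keys such as "constructor".
  if (!Object.prototype.hasOwnProperty.call(ACTIONS, name)) {
    return { ok: false, reason: 'unknown-action' };
  }
  const arg = url.searchParams.get('arg');
  if (arg !== null && !SAFE_ARG.test(arg)) {
    return { ok: false, reason: 'bad-arg' };
  }
  return { ok: true, result: ACTIONS[name](arg) };
}

// Constructed sample URLs: one legitimate link and three rejected ones.
const SAMPLES = [
  '/page?action=openReport&arg=R-1001',
  '/page?action=alert(1)',
  '/page?action=openReport&arg=%3Cscript%3E',
  '/page?action=openReport&action=closeDialog',
];

function runSamples() {
  return SAMPLES.map((u) => resolveAction(u));
}
```

Rejected requests should be logged with their `reason`, since repeated `unknown-action` or `bad-arg` results against one link pattern indicate probing.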

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-45224

Affected Products

Coins Construction Cloud