PT-2022-12310 · Coins · Coins Construction Cloud

Jürgen Zöller · Published 2022-01-24 · Updated 2023-10-18 · CVE-2021-45225

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
COINS Construction Cloud version 11.12

Description
The issue is improper input neutralization, which makes the application vulnerable to reflected cross-site scripting (XSS) via malicious links. The search window and the activity view window are affected.

Recommendations
For COINS Construction Cloud version 11.12, update to a version that properly neutralizes input to prevent reflected cross-site scripting (XSS) attacks. As a temporary workaround, consider restricting access to the search window and activity view window to minimize the risk of exploitation. Avoid following malicious links that could trigger the XSS vulnerability until the issue is resolved.

Related Identifiers: CVE-2021-45225

Affected Products: Coins Construction Cloud