PT-2022-12312 · Unknown · Coins Construction Cloud

Published: 2022-04-14 · Updated: 2022-04-21 · CVE-2021-45227

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: COINS Construction Cloud version 11.12

Description: The issue is related to an inappropriate use of HTML IFRAME elements in the file upload functionality, which makes it vulnerable to a persistent Cross-Site Scripting (XSS) attack. Malicious scripts can be uploaded and executed, potentially leading to unauthorized access or data manipulation.

Recommendations: For COINS Construction Cloud version 11.12, to prevent exploitation of the persistent Cross-Site Scripting (XSS) attack, consider disabling the file upload functionality until a patch is available. Restrict access to the file upload feature to minimize the risk of malicious script execution.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-45227

Affected Products

Coins Construction Cloud