{"api_version":"1","generated_at":"2026-04-23T08:04:58+00:00","cve":"CVE-2021-42856","urls":{"html":"https://cve.report/CVE-2021-42856","api":"https://cve.report/api/cve/CVE-2021-42856.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-42856","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-42856"},"summary":{"title":"CVE-2021-42856","description":"It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.","state":"PUBLIC","assigner":"cve_disclosure@tech.gov.sg","published_at":"2022-03-10 17:44:00","updated_at":"2022-03-15 16:41:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856","name":"https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856","refsource":"CONFIRM","tags":[],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-42856","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42856","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"42856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"riverbed","cpe5":"steelcentral_appinternals_dynamic_sampling_agent","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"42856","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"riverbed","cpe5":"steelcentral_appinternals_dynamic_sampling_agent","cpe6":"10.0.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve_disclosure@tech.gov.sg","DATE_PUBLIC":"2022-02-23T10:30:00.000Z","ID":"CVE-2021-42856","STATE":"PUBLIC","TITLE":"Reflected Cross-site Scripting at DsaDataTest"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SteelCentral AppInternals Dynamic Sampling Agent","version":{"version_data":[{"version_affected":"<","version_name":"12.13.0","version_value":"12.13.0"},{"version_affected":"<","version_name":"11.8.8","version_value":"11.8.8"},{"version_affected":"=","version_name":"10.x","version_value":"10.x"}]}}]},"vendor_name":"Aternity"}]}},"credit":[{"lang":"eng","value":"Darrel Huang, Bjorn Lim, Leng Kang Hao from Government Technology Agency of Singapore"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.7,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20 Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856","refsource":"CONFIRM","url":"https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856"}]},"source":{"discovery":"INTERNAL"}},"nvd":{"publishedDate":"2022-03-10 17:44:00","lastModifiedDate":"2022-03-15 16:41:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.13.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.8.8","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:riverbed:steelcentral_appinternals_dynamic_sampling_agent:10.0.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"42856","Ordinal":"219368","Title":"CVE-2021-42856","CVE":"CVE-2021-42856","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"42856","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}