Externally Controlled Reference to a Resource in Another Sphere
CVE-2021-26711
Summary
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.
- LOW
- NETWORK
- LOW
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
References
Advisory Timeline
- Published