Skip to main content

Externally Controlled Reference to a Resource in Another Sphere

CVE-2021-26711

Severity Medium
Score 5.3/10

Summary

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

Advisory Timeline

  • Published