Improper Encoding or Escaping of Output

CVE-2021-45226

Medium

6.5/10

Summary

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-116 - Improper Encoding or Escaping of Output

The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.

References

Advisory Timeline

Published Jan 24, 2022

Improper Encoding or Escaping of Output

CVE-2021-45226

Summary

CWE-116 - Improper Encoding or Escaping of Output

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS