CyberSec.Space Logo
Back to CVE Browser

CVE-2021-4046

MEDIUM
5.4
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile10.60th
PublishedFeb 11, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.

Affected Platforms (CPE)

📦
Tcman

Gim

= 8.0.1
📦
Tcman

Gim

= 8.01

References & Advisories

🔗 https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-cross-site-scripting-xss
🔗 https://www.incibe.es/en/incibe-cert/notices/aviso/tcman-gim-cross-site-scripting-xss

Related Vulnerabilities

CVE-2021-4085010.0

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx.

CVE-2021-408517.5

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploita...

CVE-2021-408537.2

TCMAN GIM does not perform an authorization check when trying to access determined resources. A remote attacker could exploit this...

CVE-2021-408526.1

TCMAN GIM is affected by an open redirect vulnerability. This vulnerability allows the redirection of user navigation to pages con...