CVE-2021-42856
MEDIUMRiverbed SteelCentral AppInternals Dynamic Sampling Agent - Reflected XSS via DsaDataTest Metric Parameter
Title source: llmDescription
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856
Scores
CVSS v3
4.7
EPSS
0.0058
EPSS Percentile
43.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Details
CWE
CWE-20
CWE-79
Status
published
Products (2)
riverbed/steelcentral_appinternals_dynamic_sampling_agent
10.0.0
riverbed/steelcentral_appinternals_dynamic_sampling_agent
11.0.0 - 11.8.8
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026