Cross-Site Scripting Vulnerability in SolarView Compact by Contec
CVE-2021-20660

6.1MEDIUM

Key Information:

Vendor

Contec Co., Ltd.

Status
Solarview Compact
Vendor
CVE Published:
24 February 2021

What is CVE-2021-20660?

The SolarView Compact SV-CPT-MC310 prior to version 6.5 is vulnerable to a cross-site scripting attack that allows an attacker to inject arbitrary scripts through unspecified vectors. This type of vulnerability can lead to unauthorized actions or data theft, posing a significant risk to users if exploited.

Affected Version(s)

SolarView Compact SV-CPT-MC310 prior to Ver.6.5

References

https://www.contec.com/jp/api/downloadlogger?download=htt...
x_refsource_MISC
https://www.contec.com/jp/download/contract/contract2/?it...
x_refsource_MISC
https://jvn.jp/en/jp/JVN37417423/index.html
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.