{"cve":{"cve_id":"CVE-2021-42856","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.0058,"epss_percentile":0.43165,"epss_as_of":"2026-06-23","description":"It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.","published_at":"2022-03-09T16:51:56.184000Z","last_modified_at":null,"cvss_v3_score":4.7,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-20"],"nvd_references":["https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:16:18.836471Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"L","value_label":"Low"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"aternity","vendor_name":"Aternity","product_slug":"steelcentral-appinternals-dynamic-sampling-agent","product_name":"SteelCentral AppInternals Dynamic Sampling Agent","version_start":"10.x","version_start_inclusive":true,"version_end":"10.x","version_end_inclusive":true,"cpe23_uri":"cve5:aternity:steelcentral-appinternals-dynamic-sampling-agent:10.x:10.x"},{"vendor_slug":"aternity","vendor_name":"Aternity","product_slug":"steelcentral-appinternals-dynamic-sampling-agent","product_name":"SteelCentral AppInternals Dynamic Sampling Agent","version_start":"12.13.0","version_start_inclusive":true,"version_end":"12.13.0","version_end_inclusive":false,"cpe23_uri":"cve5:aternity:steelcentral-appinternals-dynamic-sampling-agent:12.13.0:12.13.0"},{"vendor_slug":"aternity","vendor_name":"Aternity","product_slug":"steelcentral-appinternals-dynamic-sampling-agent","product_name":"SteelCentral AppInternals Dynamic Sampling Agent","version_start":"11.8.8","version_start_inclusive":true,"version_end":"11.8.8","version_end_inclusive":false,"cpe23_uri":"cve5:aternity:steelcentral-appinternals-dynamic-sampling-agent:11.8.8:11.8.8"}],"exploit_refs":[],"news":[],"references":[{"url":"https://aternity.force.com/customersuccess/s/article/Reflected-Cross-site-Scripting-at-DsaDataTest-CVE-2021-42856","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2022-03-09T16:51:56.184000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:19:39.289314Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:19:39.289314Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:19:39.289314Z","label":"CVSS score revised","source":"cvelistv5"}]}