CVE-2021-21800
published 2021-07-16CVE-2021-21800: Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially…
PriorityP344medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EXPLOIT
EPSS
14.12%
96.1th percentile
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advantech | r-seenet | — | — |
Detection & IOCsextracted from sources · hover to see the quote
path/php/ssh_form.php
url/php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E
- →Look for GET requests to /php/ssh_form.php with a 'hostname' parameter containing HTML/script injection patterns (e.g., URL-encoded </title><script> sequences).
- →HTTP response body containing 'SSH Session alert(document.domain)' indicates successful reflected XSS exploitation via the hostname parameter of ssh_form.php.
- →Shodan/FOFA fingerprinting: hosts with HTTP response body containing 'R-SeeNet' or 'r-seenet' are candidate targets for this vulnerability.
- ·Vulnerability is specific to Advantech R-SeeNet version 2.4.12 (20.10.2020); other versions may not be affected. ↗
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv3.09.6CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-21800 [MEDIUM] Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
Template:
id: CVE-2021-21800
info:
name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
author: arafatansari
severity: medium
description: |
Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
impact: |
Attackers can inject malicious JavaScript via reflected XSS, potentially stealing administrator session cookies or performing administrative actions on behalf of authenticated users.
remediation: |
Apply the latest security patches or updates provided by Advantech to fix the XSS vulnerability in R-SeeNet 2.4.12.
reference:
- https://talosintell
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
blogs_talos·2021-07-15·CVSS 6.1
[MEDIUM] Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.
R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.
TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 - CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the targeted user's browser. An adversary could exploit any of these vulnerabilit
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
blogs_talos·2021-07-15·CVSS 6.1
[MEDIUM] Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
## Vulnerability Spotlight: Multiple vulnerabilities in Advantech R-SeeNet
The Talos vulnerability research team discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple vulnerabilities in the Advantech R-SeeNet monitoring software.
R-SeeNet is the software system used for monitoring Advantech routers. It continuously collects information from individual routers in the network and records the data into a SQL database. The vulnerabilities Talos discovered exist in various scripts inside of R-SeeNet's web applications.
TALOS-2021-1270 (CVE-2021-21799), TALOS-2021-1271 (CVE-2021-21800) and TALOS-2021-1272 (CVE-2021-21801 - CVE-2021-21803) are all vulnerabilities that could allow an attacker to execute arbitrary JavaScript code in the context of the t
2021-07-16
Published