CVE-2021-21800
published 2021-07-16

Priority P3 44
CVSS 3.1: 6.1 medium (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
EXPLOIT
EPSS: 14.12% (96.1th percentile)

Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.

Affected

1 range
Vendor | Product | Version range | Fixed in
advantech | r-seenet | |

Detection & IOCs (extracted from sources)

path: /php/ssh_form.php
url: /php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E
  • Look for GET requests to /php/ssh_form.php with a 'hostname' parameter containing HTML/script injection patterns (e.g., URL-encoded </title><script> sequences).
  • HTTP response body containing 'SSH Session alert(document.domain)' indicates successful reflected XSS exploitation via the hostname parameter of ssh_form.php.
  • Shodan/FOFA fingerprinting: hosts with HTTP response body containing 'R-SeeNet' or 'r-seenet' are candidate targets for this vulnerability.
  • Vulnerability is specific to Advantech R-SeeNet version 2.4.12 (20.10.2020); other versions may not be affected.
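
The first detection note above, written as a log check. This is an added example, not code from the vendor or from the advisory sources. It assumes web-server access logs in combined log format, and it flags any markup character in the decoded hostname value (a broader test than matching script tags), decoding repeatedly to catch double encoding. The function names and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_PATH = "/php/ssh_form.php"      # path listed on this page
MARKUP = re.compile(r"[<>\"'`]")       # assumption: no hostname or IP needs these
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_line(line):
    """Return the decoded 'hostname' value if it carries markup, else None."""
    match = REQUEST.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if unquote(url.path) != TARGET_PATH:
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "hostname":
            decoded = decode_fully(value)   # parse_qsl already decoded once
            if MARKUP.search(decoded):
                return decoded
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = check_line(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2021:10:00:01 +0000] "GET /php/ssh_form.php?hostname=10.0.0.5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jul/2021:10:00:09 +0000] "GET /php/ssh_form.php?hostname=%3C/title%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3Ctitle%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [16/Jul/2021:10:00:12 +0000] "GET /php/ssh_form.php?hostname=%253Cb%253E HTTP/1.1" 200 530',
    '203.0.113.4 - - [16/Jul/2021:10:00:20 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900',
]
```

Calling `scan(SAMPLE_LOG)` reports lines 2 and 3; the plain IP on line 1 and the unrelated path on line 4 are ignored.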

CVSS provenance

nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd | v3.0 | 9.6 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N