CVE-2021-32853
Published 2023-02-20
Priority P3 · 56 · critical 9.6 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Exploit: EPSS 3.13% (86.2nd percentile)
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known patches.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| erxes | erxes | < 0.22.3 | 0.22.3 |
| erxes | erxes | 0 – 1.0.1 | — |
| npm | erxes | 0.22.3 – 0.22.3 | — |
Detection & IOCs (extracted from sources)
- sigma: alert(document.domain)
- yara: window.erxesEnv
- XSS payload executes alert(document.domain) in the context of the Erxes application; detect this string in HTTP responses from Erxes endpoints.
- Presence of the JavaScript global 'window.erxesEnv' in a response body confirms the target is an Erxes instance; combine with XSS payload detection for high-confidence alerting.
- Detection rule requires: XSS payload in body AND 'window.erxesEnv' in body AND Content-Type header contains 'text/html' AND HTTP 200 status code.
- The vulnerability is triggered via a malicious link or redirect; monitor for reflected XSS patterns in HTTP responses from Erxes versions 0.22.3 and prior.
- No patch is available for CVE-2021-32853 as of the time of publication; affected versions are 0.22.3 and prior.
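The four-part rule above (payload in body, Erxes fingerprint in body, HTML content type, HTTP 200) can be replayed offline over captured responses from a proxy or WAF log. The following is an added example, not code from the advisory, the Nuclei project or Erxes; the `HttpResponse` class, the `matches_erxes_xss` and `scan` helpers and the sample responses are all constructed for this illustration.

```python
"""Offline check for the CVE-2021-32853 detection conditions listed above.

Added example, not code from the advisory, the Nuclei project or Erxes: it
re-implements the published matcher logic (XSS marker and window.erxesEnv
both in the body, Content-Type text/html, HTTP 200) in plain Python so the
rule can be replayed over captured HTTP responses. The sample responses
below are constructed for the example, not captured traffic.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Indicator strings taken from the detection section of this page.
XSS_MARKER = "alert(document.domain)"
ERXES_MARKER = "window.erxesEnv"


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def get_header(resp: HttpResponse, name: str) -> str:
    """Case-insensitive header lookup (HTTP header names are not case-sensitive)."""
    want = name.lower()
    for key, value in resp.headers.items():
        if key.lower() == want:
            return value
    return ""


def matches_erxes_xss(resp: HttpResponse) -> bool:
    """True only when all four published conditions hold (AND semantics)."""
    body_hit = XSS_MARKER in resp.body and ERXES_MARKER in resp.body
    is_html = "text/html" in get_header(resp, "Content-Type").lower()
    return body_hit and is_html and resp.status == 200


def scan(responses: List[HttpResponse]) -> List[int]:
    """Indexes of the responses that match, for triage."""
    return [i for i, r in enumerate(responses) if matches_erxes_xss(r)]


# Constructed sample responses (not captured traffic).
SAMPLES = [
    # 0: Erxes page reflecting the marker -> should match.
    HttpResponse(200, {"content-type": "text/html; charset=utf-8"},
                 "<script>window.erxesEnv = {};</script><p>alert(document.domain)</p>"),
    # 1: marker reflected by an unrelated app, no Erxes fingerprint -> no match.
    HttpResponse(200, {"Content-Type": "text/html"},
                 "<p>alert(document.domain)</p>"),
    # 2: both strings present but in a JSON API body -> no match.
    HttpResponse(200, {"Content-Type": "application/json"},
                 '{"env":"window.erxesEnv","q":"alert(document.domain)"}'),
    # 3: redirect rather than a rendered page -> no match.
    HttpResponse(302, {"Content-Type": "text/html", "Location": "/"},
                 "window.erxesEnv alert(document.domain)"),
    # 4: ordinary Erxes page without the reflected marker -> no match.
    HttpResponse(200, {"Content-Type": "text/html"},
                 "<script>window.erxesEnv = {};</script>"),
]

if __name__ == "__main__":
    print("matching sample indexes:", scan(SAMPLES))  # [0]
```

Samples 1 to 4 show why each condition is in the rule: without the Erxes fingerprint the payload string alone is a generic reflected-XSS hit, a JSON body is not rendered as a page, and a redirect or non-200 response does not execute script in the victim's browser.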
OSV
osv · 2023-02-21 · CVE-2021-32853 [MEDIUM]
Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known patches.
GHSA
ghsa · 2023-02-21 · CVE-2021-32853 [MEDIUM] · CWE-79
Erxes vulnerable to Cross-site Scripting
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in all versions. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious website. There are no known patches.
No detection rules found.
Nuclei
nuclei · CVSS 5.3 · CVE-2021-32853 [MEDIUM]
Erxes <0.23.0 - Cross-Site Scripting

```yaml
# Matcher section of the indexed Nuclei template; the template header and
# request definition were not captured on this page.
    matchers:
      - type: word
        part: body
        words:
          - "alert(document.domain)'"
          - "window.erxesEnv"
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a004630440220231aa3dfa0f8c70fa1893c682bb01405d440ad4cb6b60adcecdc554a35b9723c02201a1448d459b46242a0664dec7f757bde522a3cf292112a71fb752ccf26dade36:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References
- https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54
- https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14
- https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
Published: 2023-02-20