cbcvebase.
CVE-2021-32853
published 2023-02-20


Priority: P356
Severity: critical, 9.6 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 3.13% (86.2th percentile)
Erxes, an experience operating system (XOS) with a set of plugins, is vulnerable to cross-site scripting in versions 0.22.3 and prior. This results in client-side code execution. The victim must follow a malicious link or be redirected there from a malicious web site. There are no known patches.

Affected (3 ranges)

Vendor | Product | Version range   | Fixed in
erxes  | erxes   | < 0.22.3        | 0.22.3
erxes  | erxes   | 0 – 1.0.1       |
npm    | erxes   | 0.22.3 – 0.22.3 |

Detection & IOCs (extracted from sources)

sigma: alert(document.domain)
yara: window.erxesEnv
  • XSS payload executes alert(document.domain) in the context of the Erxes application; detect this string in HTTP responses from Erxes endpoints.
  • Presence of the JavaScript global 'window.erxesEnv' in a response body confirms the target is an Erxes instance; combine with XSS payload detection for high-confidence alerting.
  • Detection rule requires: XSS payload in body AND 'window.erxesEnv' in body AND Content-Type header contains 'text/html' AND HTTP 200 status code.
  • The vulnerability is triggered via a malicious link or redirect; monitor for reflected XSS patterns in HTTP responses from Erxes versions 0.22.3 and prior.
  • No patch is available for CVE-2021-32853 as of the time of publication; affected versions are 0.22.3 and prior.
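As an added example (not code from the page, its sources, or the Erxes project), here is the four-condition rule above applied to constructed HTTP responses in Python; the sample names and the (status, headers, body) tuple shape are assumptions, and the regex form of the payload marker is a small generalization so that trivial whitespace variants are not missed by a literal match:

```python
import re
from typing import Dict, List, Tuple

# Added example, not from the page or the Erxes project. The Response
# shape (status, headers, body) and the sample names are assumptions.
Response = Tuple[int, Dict[str, str], str]

# Literal marker from the page, plus a whitespace-tolerant form of the
# payload string so "alert( document.domain )" is still caught.
ERXES_MARKER = "window.erxesEnv"
XSS_PATTERN = re.compile(r"alert\s*\(\s*document\.domain\s*\)")


def header(headers: Dict[str, str], name: str) -> str:
    """Case-insensitive header lookup; returns '' when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), "")


def is_reflected_erxes_xss(resp: Response) -> bool:
    """True only when all four conditions of the rule hold:
    HTTP 200, Content-Type contains text/html, window.erxesEnv in body,
    and the alert(document.domain) payload in body."""
    status, headers, body = resp
    return (
        status == 200
        and "text/html" in header(headers, "Content-Type").lower()
        and ERXES_MARKER in body
        and XSS_PATTERN.search(body) is not None
    )


# Constructed sample responses; none were captured from a real system.
SAMPLES: Dict[str, Response] = {
    "hit": (200, {"Content-Type": "text/html; charset=utf-8"},
            "<script>window.erxesEnv={};</script><script>alert(document.domain)</script>"),
    "spaced_payload": (200, {"content-type": "TEXT/HTML"},
                       "<script>window.erxesEnv={}</script><script>alert( document.domain )</script>"),
    "json_not_html": (200, {"Content-Type": "application/json"},
                      '{"env":"window.erxesEnv","msg":"alert(document.domain)"}'),
    "not_erxes": (200, {"Content-Type": "text/html"},
                  "<script>alert(document.domain)</script>"),
    "redirect_not_200": (302, {"Content-Type": "text/html", "Location": "/"},
                         "<script>window.erxesEnv={};alert(document.domain)</script>"),
}


def scan(samples: Dict[str, Response]) -> List[str]:
    """Return the names of the responses that satisfy the rule."""
    return [name for name, resp in samples.items() if is_reflected_erxes_xss(resp)]
```

Only the literal marker strings from the page are matched; an encoded or otherwise obfuscated payload would need additional normalization before this rule fires.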