CVE-2021-42551
Published: 2022-01-14
Priority: P3 · 39 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.67% (83.9th percentile)
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| alcoda | netbiblio | < 4.0.0.320 | 4.0.0.320 |
| alcoda | netbiblio | >= 4.0.0.328 < 4.0.0.335 | 4.0.0.335 |
| alcoda | netbiblio_webopac | >= next of 4.0.0.328 < unspecified | unspecified |
| alcoda | netbiblio_webopac | >= unspecified < 4.0.0.320 | 4.0.0.320 |
CVSS provenance
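| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |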
No detection rules found.
Nuclei
NetBiblio WebOPAC - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2021-42551 [MEDIUM] NetBiblio WebOPAC - Cross-Site Scripting
NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.
Template:
```yaml
id: CVE-2021-42551

info:
  name: NetBiblio WebOPAC - Cross-Site Scripting
  author: compr00t
  severity: medium
  description: NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its Wikipedia module through /NetBiblio/search/shortview via the searchTerm parameter.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upg
```
No writeups or analysis indexed.