CVE-2021-42551
published 2022-01-14

CVE-2021-42551: Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site…

Priority: P3 | 39 | medium | 6.1 (CVSS 3.1)
AV:N AC:L PR:N UI:R S:C C:L I:L A:N
EXPLOIT
EPSS: 2.67% (83.9th percentile)
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.

Affected

4 ranges
Vendor | Product | Version range | Fixed in
alcoda | netbiblio | < 4.0.0.320 | 4.0.0.320
alcoda | netbiblio | >= 4.0.0.328 < 4.0.0.335 | 4.0.0.335
alcoda | netbiblio_webopac | >= next of 4.0.0.328 < unspecified | unspecified
alcoda | netbiblio_webopac | >= unspecified < 4.0.0.320 | 4.0.0.320

CVSS provenance

nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N