CVE-2021-46073
Published 2022-01-06
CVE-2021-46073: A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel.
Priority P426 · medium · 4.8 · CVSS 3.1
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 2.76% (84.4th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vehicle_service_management_system_project | vehicle_service_management_system | <= 1.0 | — |
CVSS provenance
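| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |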
No detection rules found.
Nuclei
Vehicle Service Management System 1.0 - Cross Site Scripting
nuclei·CVSS 4.8
CVE-2021-46073 [MEDIUM] Vehicle Service Management System 1.0 - Cross Site Scripting
Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.
Template:
```yaml
id: CVE-2021-46073

info:
  name: Vehicle Service Management System 1.0 - Cross Site Scripting
  author: TenBird
  severity: medium
  description: |
    Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login panel.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://
```
No writeups or analysis indexed.
https://github.com/plsanu/Vehicle-Service-Management-System-User-List-Stored-Cross-Site-Scripting-XSS
https://www.plsanu.com/vehicle-service-management-system-user-list-stored-cross-site-scripting-xss
Published: 2022-01-06