exploitDog

CVE-2021-47808

Опубликовано: 16 янв. 2026

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

Ссылки

https://cotonti.com
Broken Link
https://www.cotonti.com/download/
Product
https://www.exploit-db.com/exploits/50016
Exploit
https://www.vulncheck.com/advisories/cotonti-siena-maintitle-stored-cross-site-scripting
Third Party Advisory
https://www.exploit-db.com/exploits/50016
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cotonti:cotonti_siena:0.9.19:-:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00031

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-gqqp-x5qv-896x

CVSS3: 7.2

github

23 дня назад

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

EPSS

Процентиль: 8%

0.00031

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79