CVE-2021-27887— Stored XSS vulnerability in Ellipse APM

CVSS 6.3 · Medium EPSS 0.27% · P51 Updated Feb 25, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-27887

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Stored XSS vulnerability in Ellipse APM

Source: NVD (National Vulnerability Database)

Vulnerability Description

Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

NVMS ABB Ability Ellipse APM 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

NVMS ABB Ability Ellipse APM是泰国NVMS公司的一个应用软件。提供运行状况和性能见解，以防止关键资产故障，同时优化资产生命周期成本。 Ellipse APM versions 5.3.0.1之前版本， 5.2.0.3， and 5.1.0.6 存在跨站脚本漏洞，该漏洞允许经过身份验证的用户或集成的应用程序向应用程序注入恶意数据，然后可以在受害者的浏览器中执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2021-27887

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-27887

请登录查看更多情报信息。

Same Patch Batch · n/a · 2021-06-14 · 6 CVEs total

CVE-2021-26845	7.5 HIGH	eSOMS Report Function Vulnerability
CVE-2021-27196	7.5 HIGH	Specially Crafted IEC 61850 Protocol Sequence Vulnerability
CVE-2021-0324		Google Android 安全漏洞
CVE-2021-0467		Google Android 缓冲区错误漏洞
CVE-2021-34693		Linux基金会 Linux kernel 安全漏洞

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2021-27887

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-27887— Stored XSS vulnerability in Ellipse APM

I. Basic Information for CVE-2021-27887

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-27887

III. Intelligence Information for CVE-2021-27887

Same Patch Batch · n/a · 2021-06-14 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-27887

Leave a comment