CVE-2021-47925— CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-47925
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS payloads through Employee card parameters or SVG file attachments in the classes endpoint, which execute when other users view the affected records or preview attachments.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-47925
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-47925
Please Login to view more intelligence information
- Latest version — CMDBuildproduct
- Home — CMDBuildproduct
- CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting | Advisories | VulnCheckthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-47925
IV. Related Vulnerabilities
Same weakness: CWE-79
- CVE-2026-8255
Devs Palace ERP Online add_new_customer cross site scripting - CVE-2026-8254
Devs Palace ERP Online sales_save cross site scripting - CVE-2026-8253
Devs Palace ERP Online purchase_save cross site scripting - CVE-2021-47950
Advanced Guestbook 2.4.4 Persistent XSS via Smilies - CVE-2021-47951
WordPress Picture Gallery 1.4.2 Stored XSS via Edit Content
V. Comments for CVE-2021-47925
No comments yet