Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
3.5
CVSSv2

CVE-2021-42664

Published: 05/11/2021 Updated: 17/11/2021
CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 312
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Subscribe to Engineers Online Portal Project

Vulnerability Summary

A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

engineers online portal project engineers online portal 1.0

Exploits

Exploit DB: Engineers Online Portal 1.0 Cross Site Scripting
Engineers Online Portal version 10 suffers from a persistent cross site scripting vulnerability ...

Github Repositories

https://github.com/0xDeku/CVE-2021-42664

CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system.

CVE-2021-42664 CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system Technical description: A stored XSS vulnerability exists in the Engineers online portal system An attacker can leverage this vulnerability in order to run javascript on the web server surfers behalf, which can lead to cookie stealing, defacement and more Affected c

https://github.com/TheHackingRabbi/CVE-2021-42664

CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system.

CVE-2021-42664 CVE-2021-42664 - Stored Cross-Site Scripting vulnerability in the Engineers online portal system Technical description: A stored XSS vulnerability exists in the Engineers online portal system An attacker can leverage this vulnerability in order to run javascript on the web server surfers behalf, which can lead to cookie stealing, defacement and more Affected c

References

CWE-79https://github.com/TheHackingRabbi/CVE-2021-42664https://www.sourcecodester.com/php/13115/engineers-online-portal-php.htmlhttps://www.exploit-db.com/exploits/50451http://packetstormsecurity.com/files/164618/Engineers-Online-Portal-1.0-SQL-Injection.htmlhttps://nvd.nist.govhttps://github.com/0xDeku/CVE-2021-42664https://packetstormsecurity.com/files/164617/Engineers-Online-Portal-1.0-Cross-Site-Scripting.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereferenceCVE-2023-52689CVE-2024-23803client sideCVE-2023-52696information disclosureCVE-2024-35843CVE-2024-27130CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook