CVE-2021-47725
Cross-Site Scripting in STVS ProVision 5.9.10 'files' Parameter

Publication date: 2025-12-31

Last updated on: 2025-12-31

Assigner: VulnCheck

Description
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site.
Meta Information
Published: 2025-12-31
Last Modified: 2025-12-31
Generated: 2026-05-07
AI Q&A: 2025-12-31
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 5 associated CPEs
| Vendor | Product | Version / Range |
| --- | --- | --- |
| stvs | provision | 5.7 |
| stvs | provision | 5.5 |
| stvs | provision | 5.6 |
| stvs | provision | 5.9.10 |
| stvs | provision | 5.8 |
| CWE ID | Description |
| --- | --- |
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2021-47725 is an authenticated reflected Cross-Site Scripting (XSS) vulnerability in STVS ProVision versions 5.5 through 5.9.10. It occurs because the 'files' POST parameter does not properly sanitize input, allowing authenticated attackers to inject arbitrary HTML or script code. This malicious code can then execute within the context of the affected web application in a user's browser session, potentially compromising user interactions with the site. [1, 2, 3]


How can this vulnerability impact me?

This vulnerability can allow an authenticated attacker to execute malicious scripts in the context of a user's browser session on the affected site. This can lead to session hijacking, theft of sensitive information, or performing actions on behalf of the user without their consent. Since the attack requires authentication and user interaction, the risk is medium, but it can compromise user trust and security within the application. [1, 2, 3]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by sending an authenticated POST request to the /archive/download endpoint with the 'files' parameter containing a script payload, such as `<script>alert(document.URL)</script>`. If the script executes in the user's browser session, the vulnerability is present. A sample curl command is: `curl -X POST -d "files=<script>alert(document.URL)</script>" -b cookie.txt https://target-site/archive/download`, where cookie.txt contains the authentication cookies. Because curl does not render HTML, check the response body for the payload reflected without HTML encoding. Monitoring for unusual POST requests that carry the 'files' parameter and inspecting responses for reflected script code can also help detect exploitation attempts. [3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the affected STVS ProVision application to trusted users only, ensuring that only authenticated users can access the system, and monitoring for suspicious POST requests that carry the 'files' parameter. Apply vendor patches or updates once they are available. Additionally, web application firewall (WAF) rules that block or sanitize input to the 'files' POST parameter can help prevent exploitation. [1, 2, 3]
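
The monitoring and filtering steps above can be sketched as follows. This is an added example, not vendor or ProVision code: it assumes the request body is `application/x-www-form-urlencoded` and that a legitimate 'files' value never contains `<`, `>` or `"`; the function names, sample requests and response text are constructed.

```python
import html
import re
from urllib.parse import parse_qs

# Assumption: a legitimate 'files' value is a file name and never carries these characters.
MARKUP = re.compile(r'[<>"]')

def suspicious_files_values(method, path, body):
    """Return decoded 'files' values in a POST to /archive/download that contain markup."""
    if method.upper() != "POST" or path.split("?", 1)[0] != "/archive/download":
        return []
    params = parse_qs(body, keep_blank_values=True)  # percent-decodes each value
    return [v for v in params.get("files", []) if MARKUP.search(v)]

def reflected_unencoded(value, response_body):
    """True when a markup-bearing value comes back verbatim, i.e. not HTML-encoded."""
    return bool(MARKUP.search(value)) and value in response_body

def encode_for_html(value):
    """Output encoding a server should apply before echoing the value into a page."""
    return html.escape(value, quote=True)

# Constructed sample requests: (method, path, form-encoded body)
SAMPLES = [
    ("POST", "/archive/download", "files=recording_2021-01-01.mp4"),
    ("POST", "/archive/download",
     "files=%3Cscript%3Ealert(document.URL)%3C%2Fscript%3E"),
    ("GET", "/archive/download", ""),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        hits = suspicious_files_values(method, path, body)
        print(method, path, "ALERT" if hits else "ok", hits)
        for value in hits:
            # Constructed responses: one echoes the raw value, one encodes it first.
            raw_page = "<p>Not found: " + value + "</p>"
            safe_page = "<p>Not found: " + encode_for_html(value) + "</p>"
            print("  raw echo reflected:", reflected_unencoded(value, raw_page))
            print("  encoded echo reflected:", reflected_unencoded(value, safe_page))
```

The same two checks can run in a WAF rule or a reverse-proxy log pipeline: flag the request on the way in, and confirm on the way out whether the value was echoed without encoding.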

