CVE-2021-47768
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| thundernest | importexporttools_ng | 10.0.4 |
| thundernest | importexporttools_ng | From 68 (inc) to 128 (inc) |
| thundernest | importexporttools_ng | From 140 (inc) to 144 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47768 is a persistent HTML injection vulnerability (CWE-79) in ImportExportTools NG version 10.0.4, an add-on for Mozilla Thunderbird. The add-on writes the subject line of each message into its HTML export without HTML-encoding it. A remote attacker therefore only has to send the victim an email whose subject contains HTML markup: the payload is stored with the message and, when the victim later exports that folder to HTML with the vulnerable add-on, it is emitted as live markup and rendered when the export is opened, which can expose application data or session credentials. [2, 3]
How can this vulnerability impact me?
If you export mail to HTML with ImportExportTools NG 10.0.4, any HTML an attacker has placed in a message subject is rendered when you open the export. Depending on what the injected markup does, that can expose application data or session credentials and serve as a foothold for further attacks. The attacker needs no authentication; the only user interaction required is the victim performing the export and opening the result. [2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no network signature for this issue; it is a local defect in an add-on. The practical check is to inventory installed Thunderbird add-ons (Add-ons and Themes, or about:addons) and look for ImportExportTools NG at version 10.0.4. To confirm the behaviour, send a message whose subject contains harmless markup (for example a bold tag) to a test mailbox, export that folder to HTML with the add-on and open the result: if the markup renders instead of appearing as literal text, the export is vulnerable. The page lists no commands that detect this automatically; detection is manual testing of the export function with a crafted subject. [2, 3]
What immediate steps should I take to mitigate this vulnerability?
Until a fixed release is installed, do not use ImportExportTools NG 10.0.4 to export mail to HTML, and treat any export you have already produced as untrusted content rather than opening it in a browser session that holds live credentials. Users cannot control what arrives in the subject lines they receive, so the real fix belongs in the add-on: every header value written into the export (subject included) must be HTML-encoded so that injected tags appear as literal text instead of markup. Watch for updates from the vendor and apply them promptly. [2, 3]