CVE-2021-47843
BaseFortify

Publication date: 2026-01-15

Last updated on: 2026-02-05

Assigner: VulnCheck

Description
Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer.
Meta Information
Published: 2026-01-15
Last Modified: 2026-02-05
Generated: 2026-05-07
AI Q&A: 2026-01-16
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
tagstoo tagstoo 2.0.1
pabloandumundu tagstoo 2.0.1
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

Tagstoo 2.0.1 contains a stored cross-site scripting (XSS) vulnerability that allows attackers to inject malicious payloads through files or custom tags. When a user opens a file or folder with such a malicious payload in Tagstoo, the payload executes arbitrary JavaScript code. This code can spawn system processes, access files, and perform remote code execution on the victim's computer with the privileges of the user running the application. [1]


How can this vulnerability impact me?

This vulnerability can lead to remote code execution on your computer, allowing attackers to run arbitrary commands or programs with your user privileges. For example, attackers can execute system applications like calculators or exfiltrate sensitive files such as /etc/passwd to remote servers. This can compromise your system's security, privacy, and data integrity. [1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying malicious payloads embedded in files or custom tags within Tagstoo 2.0.1. Since the exploit uses JavaScript payloads executed upon opening files or folders, monitoring for suspicious <img> tags with onerror events or unusual script tags in tagged files can help detect exploitation attempts. Additionally, commands to check for suspicious processes spawned by Node.js internals or unexpected network connections (such as netcat exfiltration) can be used. For example, on Linux systems, you can use commands like `ps aux | grep gnome-calculator` to detect unexpected calculator processes or `netstat -anp | grep nc` to detect netcat connections. Also, scanning files for encoded payloads resembling `<img onerror=...>` tags may help identify malicious tags. [1]
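The scan for encoded `<img onerror=...>`-style strings suggested above could look like the following added example, which is not code from the advisory or from Tagstoo. It assumes the strings to check are file and folder names under a directory (tag names can be passed to `classify` directly); `normalize`, `classify` and `scan_tree` are names made up for this sketch, and the sample strings are constructed.

```python
import html
import os
import re
from urllib.parse import unquote

# An HTML element carrying an inline event handler (onerror=, onload=, ...),
# or a <script> element. Neither belongs in a file, folder or tag name.
EVENT_HANDLER_TAG = re.compile(r"<\s*[a-z][a-z0-9]*\b[^>]*\bon[a-z]+\s*=", re.I | re.S)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.I)


def normalize(text, max_rounds=3):
    """Undo up to max_rounds layers of percent- and HTML-entity encoding."""
    for _ in range(max_rounds):
        decoded = html.unescape(unquote(text))
        if decoded == text:
            break
        text = decoded
    return text


def classify(text):
    """Return a reason string if text looks like script-bearing markup, else None."""
    plain = normalize(text)
    if EVENT_HANDLER_TAG.search(plain):
        return "element with inline event handler"
    if SCRIPT_TAG.search(plain):
        return "script element"
    return None


def scan_tree(root):
    """Yield (path, reason) for each flagged file or folder name under root."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            reason = classify(name)
            if reason:
                yield os.path.join(dirpath, name), reason


if __name__ == "__main__":
    # Constructed sample names, not taken from any real incident.
    samples = [
        "holiday-photos",
        "<img src=x onerror=PLACEHOLDER>.txt",
        "%3Cimg%20src%3Dx%20onerror%3DPLACEHOLDER%3E",
        "&lt;script&gt;PLACEHOLDER&lt;/script&gt;",
        "notes on=paper <draft>.md",
    ]
    for s in samples:
        print(f"{classify(s) or 'clean':35} {s!r}")
```

A hit is a lead for review rather than proof of compromise, and a clean result only means no name matched these two patterns.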


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include not opening files or folders from untrusted or unknown sources in Tagstoo 2.0.1, because the payload executes when they are opened. Restrict user privileges to limit the impact of potential code execution. Monitor and block suspicious network activity such as unexpected outbound connections initiated by the application. If possible, disable or restrict the use of custom tags or file tagging features until a patch or update is available. Additionally, consider using application whitelisting or sandboxing to limit the execution of unauthorized code. [1]

