CVE-2021-47920
Cross-Site Scripting in WebMO Job Manager Enables Session Hijacking
Publication date: 2026-02-01
Last updated on: 2026-02-01
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| webmo | webmo_job_manager | to 21.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2021-47920 is a reflected cross-site scripting (XSS) vulnerability in WebMO Job Manager version 20.0. It occurs because the application does not properly neutralize input in the search parameters 'filterSearch' and 'filterSearchType'. This allows remote attackers to inject malicious script code via crafted URLs, which is then executed in the victim's browser. The attack is non-persistent and can lead to session hijacking and external redirects. [1, 2]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to hijack user sessions, redirect users to malicious external websites, perform phishing attacks, and manipulate application modules. Exploitation requires minimal user interaction and no authentication, making it a significant risk for users of WebMO Job Manager 20.0. The injected scripts can execute arbitrary JavaScript in the victim's browser, potentially compromising user data and security. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the WebMO Job Manager's search functionality for reflected cross-site scripting (XSS) in the filterSearch and filterSearchType parameters. One way is to send crafted HTTP GET requests with script tags in these parameters and observe if the script is reflected and executed in the response. For example, you can use curl or a browser to send a request like: curl -v "https://<target>/cgi-bin/webmo/jobmgr.cgi?filterSearch=785101"><script>alert(1337)</script>&filterSearchType=" and check if the response contains the injected script code unescaped. Monitoring web server logs for suspicious requests containing script tags in these parameters can also help detect attempts to exploit this vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the WebMO Job Manager interface to trusted users only, applying input validation and sanitization on the filterSearch and filterSearchType parameters to prevent script injection, and updating WebMO Job Manager to a version where this vulnerability is fixed if available. Additionally, educating users to avoid clicking on suspicious links and monitoring for unusual activity can help reduce risk until a patch is applied. [1, 2]