CVE-2021-47725

MEDIUM WAF: High

CVSS 5.4 Published: 2025-12-31

CWE-79

STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site.

WAF Coverage Analysis

Cross-Site Scripting (XSS) High WAF Coverage

OWASP: A03:2021 Injection

941xxx - XSS / XXE

References

cxsecurity.com
exchange.xforce.ibmcloud.com
packetstormsecurity.com
stvs.com
www.vulncheck.com
www.zeroscience.mk

Back to CVE Database