CVE-2021-26710

MEDIUM NUCLEI

Redwood Report2web - XSS

Title source: rule

Description

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.

Nuclei Templates (1)

Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting

MEDIUMby pikpikcu

References (2)

[Exploit, Third Party Advisory] https://vict0ni.me/redwood-report2web-xss-and-frame-injection/

[Broken Link] https://vict0ni.me/report2web-xss-frame-injection.html

Scores

CVSS v3 6.1

EPSS 0.2105

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

redwood/report2web 4.3.4.5

redwood/report2web 4.5.3

Published Feb 05, 2021

Tracked Since Feb 18, 2026