CVE-2021-26711

MEDIUM

Redwood Report2Web 4.3.4.5 - XSS

Title source: llm

Description

A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers to render an external resource inside a frame via the help/Online_Help/NetHelp/default.htm turl parameter.

References (2)

[Broken Link] https://vict0ni.me/report2web-xss-frame-injection.html

[Exploit, Third Party Advisory] https://vict0ni.me/redwood-report2web-xss-and-frame-injection/

Scores

CVSS v3 5.3

EPSS 0.0026

EPSS Percentile 49.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-610

Status published

Products (1)

redwood/report2web 4.3.4.5

Published Feb 05, 2021

Tracked Since Feb 18, 2026