CVE-2021-26832

MEDIUM

Priority Enterprise Management System v8.00 - Cross-Site Scripting via Reset Password Page

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26832. PoCs published by NagliNagli.

AI-analyzed exploit summary: This repository provides a detailed technical description of CVE-2021-26832, a Cross-Site Scripting (XSS) vulnerability in Priority Enterprise Management System v8.00. The vulnerability allows attackers to execute JavaScript on behalf of victims via a malicious URL or crafted webpage.

Description

Cross-Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute JavaScript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site.

Exploits (1)

nomisec WRITEUP 5 stars
by NagliNagli · poc
https://github.com/NagliNagli/CVE-2021-26832

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Priority Enterprise Management System v8.00
No auth needed
Prerequisites: Victim interaction (clicking a malicious link or visiting a crafted webpage)
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Third Party Advisory x_refsource_misc
https://github.com/NagliNagli/CVE-2021-26832

Scores

CVSS v3: 6.1
EPSS: 0.0021
EPSS Percentile: 43.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): priority-software/priority_enterprise_management_system 8.00
Published: Apr 14, 2021
Tracked Since: Feb 18, 2026