CVE-2021-31673

MEDIUM

Cyclos < 4.14.7 - XSS

Title source: rule

Description

A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter.

Exploits (1)

exploitdb WRITEUP

by Tin Pham · textwebappsmultiple

https://www.exploit-db.com/exploits/50909

View Code ZIP pw:eip

References (3)

[Not Applicable] http://cyclos.com

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/167040/Cyclos-4.14.7-Cross-Site-Scripting.html

[Exploit, Third Party Advisory] https://tf1t.gitbook.io/mycve/cylos/cyclos-4.14.7-dom-based-cross-site-scripting-cve-2021-31673

Scores

CVSS v3 6.1

EPSS 0.0271

EPSS Percentile 85.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

cyclos/cyclos 4.0.0 - 4.14.7

Published May 02, 2022

Tracked Since Feb 18, 2026