CVE-2021-3395

MEDIUM

Pryaniki 6.44.3 - Authenticated Stored Cross-Site Scripting via File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-3395. PoCs published by jet-pentest.

AI-analyzed exploit summary: The repository provides a detailed description of CVE-2021-3395, an XSS vulnerability in Pryaniki 6.44.3, where authenticated users can upload malicious files that execute JavaScript when accessed. It includes technical details such as the attack vector, affected version, and vendor acknowledgment.

Description

A cross-site scripting (XSS) vulnerability in Pryaniki 6.44.3 allows remote authenticated users to upload an arbitrary file. JavaScript code in the uploaded file executes when someone visits the attachment.

Exploits (1)

nomisec WRITEUP 1 star
by jet-pentest · poc
https://github.com/jet-pentest/CVE-2021-3395

Classification: Writeup 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Pryaniki 6.44.3
Auth required
Prerequisites: Authenticated access to the application
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Product, Vendor Advisory x_refsource_misc
https://pryaniky.com/en/home/

Scores

CVSS v3 5.4
EPSS 0.0075
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
pryaniki/pryaniki 6.44.3
Published Feb 02, 2021
Tracked Since Feb 18, 2026