CVE-2021-39408

MEDIUM

Online Student Rate System 1.0 - Cross-Site Scripting via Index.php Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-39408. PoCs published by StefanDorresteijn.

AI-analyzed exploit summary The repository describes a reflected XSS vulnerability in the Online Student Rate System application, where the `page` parameter in `index.php` is vulnerable to arbitrary JavaScript execution. The README provides a clear example of the exploit but does not include functional exploit code.

Description

Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file

Exploits (1)

nomisec WRITEUP
by StefanDorresteijn · poc
https://github.com/StefanDorresteijn/CVE-2021-39408

The repository describes a reflected XSS vulnerability in the Online Student Rate System application, where the `page` parameter in `index.php` is vulnerable to arbitrary JavaScript execution. The README provides a clear example of the exploit but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Online Student Rate System version 1.0
No auth needed
Prerequisites: Access to the vulnerable `index.php` page
MITRE ATT&CK
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/StefanDorresteijn/CVE-2021-39408

Scores

CVSS v3 6.1
EPSS 0.0126
EPSS Percentile 66.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
online_student_rate_system_project/online_student_rate_system 1.0
Published Jun 24, 2022
Tracked Since Feb 18, 2026