CVE-2021-42551
MEDIUM NUCLEIAlCoda NetBiblio WebOPAC < 4.0.0.320 - Unauthenticated Reflected Cross-Site Scripting via Search Functionality
Title source: llmExploitation Summary
CVE-2021-42551 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.
Nuclei Templates (1)
NetBiblio WebOPAC - Cross-Site Scripting
MEDIUMby compr00t
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://www.redguard.ch/advisories/netbiblio_webopac.txt
Scores
CVSS v3
6.1
EPSS
0.0267
EPSS Percentile
83.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
alcoda/netbiblio
< 4.0.0.320
Published
Jan 14, 2022
Tracked Since
Feb 18, 2026