CVE-2021-42664

MEDIUM

Engineers Online Portal - XSS

Title source: rule

Description

A stored cross-site scripting (XSS) vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the (1) quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability to run JavaScript on behalf of the web server's users, which can lead to cookie theft and more.

Exploits (3)

exploitdb WORKING POC
by Alon Leviev · text · webapps · php
https://www.exploit-db.com/exploits/50451
nomisec WRITEUP
by 0xDeku · poc
https://github.com/0xDeku/CVE-2021-42664
inthewild WRITEUP
poc
https://github.com/thehackingrabbi/cve-2021-42664

Scores

CVSS v3 5.4
EPSS 0.0189
EPSS Percentile 83.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
engineers_online_portal_project/engineers_online_portal 1.0
Published Nov 05, 2021
Tracked Since Feb 18, 2026