CVE-2021-44667

MEDIUM

Nacos 2.0.3 - Cross-Site Scripting via Auth Users Page Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-44667. PoCs published by shoucheng3.

AI-analyzed exploit summary The repository contains the source code and documentation for Alibaba Nacos, a dynamic naming and configuration service platform. It does not include exploit code or a proof-of-concept for CVE-2021-44667.

Description

A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/alibaba__nacos_CVE-2021-44667_2-0-3

The repository contains the source code and documentation for Alibaba Nacos, a dynamic naming and configuration service platform. It does not include exploit code or a proof-of-concept for CVE-2021-44667.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Alibaba Nacos
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/alibaba/nacos/issues/7359

Scores

CVSS v3 6.1
EPSS 0.0022
EPSS Percentile 44.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
alibaba/nacos 2.0.3
com.alibaba.nacos/nacos-common 2.0.0-ALPHA.1 - 2.1.0-BETAMaven
Published Mar 11, 2022
Tracked Since Feb 18, 2026