CVE-2021-45026

MEDIUM

ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 - Cross-Site Scripting


Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45026. PoCs published by JetP1ane.

AI-analyzed exploit summary: This PoC exploits CVE-2021-45026 in Rocket Software's Zena application by leveraging a stored XSS vulnerability to achieve remote code execution (RCE). It logs in using default credentials, injects an XSS payload, and uses the stolen session to execute commands via Zena's REST API.

Description

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).

Exploits (1)

nomisec WORKING POC 4 stars
by JetP1ane · poc
https://github.com/JetP1ane/Zena-CVE-2021-45026


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Rocket Software Zena v4.2.1
Auth required
Prerequisites: Default credentials for Zena webconfig · Victim interaction to trigger XSS payload
mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Broken Link, URL Repurposed (x_refsource_misc): http://asg-zena.com
Product: http://asg.com

Scores

CVSS v3: 6.1
EPSS: 0.0148
EPSS Percentile: 70.9%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (1): rocketsoftware/ags-zena 4.2.1
Published: Jun 17, 2022
Tracked Since: Feb 18, 2026