CVE-2021-45425

MEDIUM

SAFARI Montage 8.3 and 8.5 - Reflected Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-45425. PoCs published by Momen Eldawakhly.

AI-analyzed exploit summary: This exploit demonstrates a reflected XSS vulnerability in SAFARI Montage 8.5 via the 'cmd' parameter in redirect.php. The payload injects a script tag to execute arbitrary JavaScript, specifically an alert displaying the document.cookie.

Description

Reflected Cross-Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript code.

Exploits (1)

exploitdb · WORKING POC
by Momen Eldawakhly · text · webapps · php
https://www.exploit-db.com/exploits/50626

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: SAFARI Montage 8.3 and 8.5
Authentication: No auth needed
Prerequisites: Access to the vulnerable redirect.php endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.1
EPSS: 0.0339
EPSS Percentile: 87.3%
Attack Vector: NETWORK
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE: CWE-79
Status: published
Products (2):
- safarimontage/safari_montage 8.3
- safarimontage/safari_montage 8.5
Published: Dec 28, 2021
Tracked Since: Feb 18, 2026