CVE-2021-47808

MEDIUM

Cotonti Siena - XSS

Description

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

Exploits (1)

exploitdb WORKING POC
by Fatih İLGİN · text · webapps · php
https://www.exploit-db.com/exploits/50016

Scores

CVSS v3: 5.4
EPSS: 0.0001
EPSS Percentile: 2.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2)
cotonti/cotonti_siena 0.9.19
cotonti.com/Cotonti Siena 0.9.19
Published: Jan 16, 2026
Tracked Since: Feb 18, 2026