CVE-2021-47858

HIGH

Genexis Platinum-4410 P4410-V2-1.31A - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-47858. PoCs published by Jithin KS.

AI-analyzed exploit summary This is a writeup describing a stored XSS vulnerability in Genexis Platinum-4410 firmware version P4410-V2-1.31A. The vulnerability allows attackers to inject malicious scripts via the 'start_addr' parameter, affecting all privileged users.

Description

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page.

Exploits (1)

exploitdb WRITEUP
by Jithin KS · textwebappshardware
https://www.exploit-db.com/exploits/49709

This is a writeup describing a stored XSS vulnerability in Genexis Platinum-4410 firmware version P4410-V2-1.31A. The vulnerability allows attackers to inject malicious scripts via the 'start_addr' parameter, affecting all privileged users.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Genexis Platinum-4410 P4410-V2-1.31A
Auth required
Prerequisites: Access to the device's web interface · Valid credentials for authentication
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/49709

Scores

CVSS v3 7.2
EPSS 0.0024
EPSS Percentile 14.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
Genexis/Platinum-4410 Firmware 1.31A
Published Jan 21, 2026
Tracked Since Feb 18, 2026