CVE-2021-47858

HIGH

Genexis Platinum-4410 P4410-V2-1.31A - XSS

Title source: llm

Description

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page.

Exploits (1)

exploitdb WRITEUP

by Jithin KS · textwebappshardware

https://www.exploit-db.com/exploits/49709

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/49709

[Various Sources] https://genexis.eu/product/platinum-series/

[Third Party Advisory] https://www.vulncheck.com/advisories/genexis-platinum-p-a-startaddr-persistent-cross-site-scripting

Scores

CVSS v3 7.2

EPSS 0.0004

EPSS Percentile 12.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-79

Status published

Products (1)

Genexis/Platinum-4410 Firmware 1.31A

Published Jan 21, 2026

Tracked Since Feb 18, 2026