Details of VAR-202107-0562

ID

VAR-202107-0562

CVE

CVE-2021-21803

TITLE

Advantech R-SeeNet Cross-site scripting vulnerabilities in web applications

Trust: 0.8

sources: JVNDB: JVNDB-2021-009585

DESCRIPTION

This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Advantech R-SeeNet is an industrial monitoring software developed by China Taiwan Advantech Company. The software monitors the platform based on the snmp protocol, and is suitable for Linux and Windows platforms

Trust: 2.34

sources: NVD: CVE-2021-21803 // JVNDB: JVNDB-2021-009585 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-380207 // VULMON: CVE-2021-21803

AFFECTED PRODUCTS

vendor:	advantech	model:	r-seenet	scope:	eq	version:	2.4.12	Trust: 1.0
vendor:	アドバンテック株式会社	model:	r-seenet	scope:	eq	version:	-	Trust: 0.8
vendor:	アドバンテック株式会社	model:	r-seenet	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-009585 // NVD: CVE-2021-21803

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-21803
value:	MEDIUM
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21803
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-21803
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202107-1100
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380207
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-21803
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-21803
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380207
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-21803
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2021-21803
baseSeverity:	CRITICAL
baseScore:	9.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2021-21803
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380207 // VULMON: CVE-2021-21803 // JVNDB: JVNDB-2021-009585 // CNNVD: CNNVD-202107-1100 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21803 // NVD: CVE-2021-21803

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.1
problemtype:	Cross-site scripting (CWE-79) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380207 // JVNDB: JVNDB-2021-009585 // NVD: CVE-2021-21803

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1100

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202107-1100

PATCH

title:	Top Page	url:	https://www.advantech.com/	Trust: 0.8
title:	Advantech R-SeeNet Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157181	Trust: 0.6
title:	Kenzer Templates [5170] [DEPRECATED]	url:	https://github.com/ARPSyndicate/kenzer-templates	Trust: 0.1

sources: VULMON: CVE-2021-21803 // JVNDB: JVNDB-2021-009585 // CNNVD: CNNVD-202107-1100

EXTERNAL IDS

db:	NVD	id:	CVE-2021-21803	Trust: 3.4
db:	TALOS	id:	TALOS-2021-1272	Trust: 2.6
db:	JVNDB	id:	JVNDB-2021-009585	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-1100	Trust: 0.7
db:	CS-HELP	id:	SB2021071609	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULHUB	id:	VHN-380207	Trust: 0.1
db:	VULMON	id:	CVE-2021-21803	Trust: 0.1

sources: VULHUB: VHN-380207 // VULMON: CVE-2021-21803 // JVNDB: JVNDB-2021-009585 // CNNVD: CNNVD-202107-1100 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21803

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2021-1272	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-21803	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021071609	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/arpsyndicate/kenzer-templates	Trust: 0.1

sources: VULHUB: VHN-380207 // VULMON: CVE-2021-21803 // JVNDB: JVNDB-2021-009585 // CNNVD: CNNVD-202107-1100 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-21803

CREDITS

Member of Cisco Talos team

Trust: 0.6

sources: CNNVD: CNNVD-202107-1100

SOURCES

db:	VULHUB	id:	VHN-380207
db:	VULMON	id:	CVE-2021-21803
db:	JVNDB	id:	JVNDB-2021-009585
db:	CNNVD	id:	CNNVD-202107-1100
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-21803

LAST UPDATE DATE

2024-08-14T13:04:02.838000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380207	date:	2022-09-30T00:00:00
db:	VULMON	id:	CVE-2021-21803	date:	2022-09-30T00:00:00
db:	JVNDB	id:	JVNDB-2021-009585	date:	2022-05-11T04:55:00
db:	CNNVD	id:	CNNVD-202107-1100	date:	2021-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-21803	date:	2022-09-30T02:51:01.540

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380207	date:	2021-07-16T00:00:00
db:	VULMON	id:	CVE-2021-21803	date:	2021-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2021-009585	date:	2022-05-11T00:00:00
db:	CNNVD	id:	CNNVD-202107-1100	date:	2021-07-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-21803	date:	2021-07-16T11:15:09.833