Vulnerability Description
CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page.
CVSS Score
4.8 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Course Registration Management System Project | Course Registration Management System | 2.1 |
Related Weaknesses (CWE)
References
- http://sourceforge.net/projects/coursems (Product, Third Party Advisory)
- https://github.com/cptsticky/A-0day-Per-Day-Keeps-The-Cope-Away/blob/main/CVE-20 (Exploit, Third Party Advisory)
FAQ
What is CVE-2021-29663?
CVE-2021-29663 is a vulnerability with a CVSS score of 4.8 (MEDIUM). CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin...
How severe is CVE-2021-29663?
CVE-2021-29663 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-29663?
Check the references section above for vendor advisories and patch information. Affected products include: Course Registration Management System (vendor: Course Registration Management System Project).