Description

Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-21 | Updated 2026-01-22 | Assigner VulnCheck




MEDIUM: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
HIGH: 7.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N)

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Firmware 1.31A: affected

Credits

Jithin KS (finder)

References

www.exploit-db.com/exploits/49709 (ExploitDB-49709) exploit

genexis.eu/product/platinum-series/ (Genexis Product Page) product

www.vulncheck.com/...artaddr-persistent-cross-site-scripting (VulnCheck Advisory: Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting) third-party-advisory

cve.org (CVE-2021-47858)

nvd.nist.gov (CVE-2021-47858)
