Search criteria
1 vulnerability by cotonti.com
CVE-2021-47808 (GCVE-0-2021-47808)
Vulnerability from cvelistv5 – Published: 2026-01-15 23:25 – Updated: 2026-04-07 14:06
VLAI
Title
Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting
Summary
Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.
Severity
5.4 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50016 | exploit |
| https://cotonti.com | product |
| https://www.cotonti.com/download/ | product |
| https://www.vulncheck.com/advisories/cotonti-sien… | third-party-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| cotonti.com | Cotonti Siena |
Affected:
0.9.19
|
Date Public
2021-06-16 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-47808",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:06:31.960148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T21:11:34.223Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50016"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cotonti Siena",
"vendor": "cotonti.com",
"versions": [
{
"status": "affected",
"version": "0.9.19"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cotonti:cotonti_siena:0.9.25:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Fatih \u0130LG\u0130N"
}
],
"datePublic": "2021-06-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel\u0027s site title parameter. Attackers can inject malicious JavaScript code through the \u0027maintitle\u0027 parameter to execute scripts when administrators view the page."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T14:06:15.163Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-50016",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/50016"
},
{
"name": "Vendor Homepage",
"tags": [
"product"
],
"url": "https://cotonti.com"
},
{
"name": "Software Download",
"tags": [
"product"
],
"url": "https://www.cotonti.com/download/"
},
{
"name": "VulnCheck Advisory: Cotonti Siena 0.9.19 - \u0027maintitle\u0027 Stored Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/cotonti-siena-maintitle-stored-cross-site-scripting"
}
],
"title": "Cotonti Siena 0.9.19 - \u0027maintitle\u0027 Stored Cross-Site Scripting",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2021-47808",
"datePublished": "2026-01-15T23:25:51.952Z",
"dateReserved": "2026-01-14T14:39:44.740Z",
"dateUpdated": "2026-04-07T14:06:15.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}