Security Advisory

CVE-2021-34821

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-07-19 17:21:28

Last updated 2024-08-04 00:26:54

Assigner mitre

State PUBLISHED

Description

Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL path filename is copied into the HTML document as plain text tags.

← Browse all CVEs View on cve.org ↗