CVE-2021-44196

XSS in UBIT Information Technologies Student Information Management System

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before 20211126.

*Credits: Oğuzhan KARA

CVSS Scores

Computer Emergency Response Team of the Republic of Turkeyv3.1 6.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-11-24 CVE Reserved
2023-03-07 CVE Published
2024-08-04 CVE Updated
2024-09-27 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CAPEC

CAPEC-63: Cross-Site Scripting (XSS)

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.usom.gov.tr/bildirim/tr-23-0131	2023-09-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ubit Search vendor "Ubit"		Student Information Management System Search vendor "Ubit" for product "Student Information Management System"				< 20211126 Search vendor "Ubit" for product "Student Information Management System" and version " < 20211126"		-		Affected