CVE-2021-41318
CVE-2021-41318
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Proof of concept
Public proof of concept exists, but not yet automated.
CVSS —EPSS 5.9%KEV nãoPoC públicaNuclei —Metasploit —Patch —
Lifecycle
28 Sep 2021Published on NVD
01 Oct 2021Public PoC
Weaponization speed
2 daysto first PoC
Weaponized quickly — attackers prioritized this vulnerability. Patch urgently.
Recommendation: Plan a near-term fix — a public PoC already exists.
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencepacketstormsecurity.com/files/164359/WhatsUpGold-21.0.3-Cross-Site-Scripting.htmlunverifiedexploitdbwww.exploit-db.com/exploits/50366unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.