CVE-2021-39402

7.2 HIGH

📋 TL;DR

MaianAffiliate v1.0 suffers from a code injection vulnerability in the admin product addition feature. This allows attackers to inject malicious code that executes on the main affiliate page, affecting both authenticated and unauthenticated visitors. The vulnerability enables arbitrary code execution through the web interface.

💻 Affected Systems

Products:
  • MaianAffiliate
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to exploit initially, but payload affects all visitors.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through remote code execution, data theft, defacement, and installation of backdoors or malware.

🟠 Likely Case: Website defacement, credential theft via XSS, affiliate data manipulation, and potential privilege escalation.

🟢 If Mitigated: Limited impact with proper input validation and output encoding, potentially only minor data exposure.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires admin credentials initially, but the payload executes for all users. A public proof-of-concept is available on GitHub.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.maianscriptworld.co.uk/

Restart Required: No

Instructions:

No official patch is available. Consider upgrading to a newer version if one is available, or implement the workarounds below.

🔧 Temporary Workarounds

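Input Validation and Sanitization (all platforms)

Implement strict input validation and output encoding for the product addition fields.

Implement server-side validation: filter_var($input, FILTER_SANITIZE_STRING); (note: FILTER_SANITIZE_STRING is deprecated as of PHP 8.1, so do not rely on it alone)
Use htmlspecialchars() for output encoding wherever product fields are written into a page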

WAF Rule Implementation (all platforms)

Deploy web application firewall rules to block code injection attempts

ModSecurity rule: SecRule ARGS "@rx (<script|javascript:|on\w+=)" "id:1001,phase:2,deny"

🧯 If You Can't Patch

  • Restrict admin panel access to trusted IP addresses only
  • Implement Content Security Policy (CSP) headers to prevent script execution

🔍 How to Verify

Check if Vulnerable:

Check whether you are running MaianAffiliate v1.0. Test by adding a product with a payload such as <script>alert('test')</script> and then visiting the affiliate page.

Check Version:

Check the version in the admin panel or readme files. Look for 'MaianAffiliate v1.0' in the source code.

Verify Fix Applied:

Verify that input validation rejects script tags and special characters in product fields. Confirm that the test payload no longer executes.

📡 Detection & Monitoring

Log Indicators:

  • Unusual product additions with script tags or encoded payloads
  • Multiple failed login attempts to admin panel followed by product creation

Network Indicators:

  • HTTP POST requests to admin/product-add.php with suspicious payloads
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="web_logs" AND (uri="/admin/product-add.php" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:"))
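
The query above matches only literal strings, so URL-encoded or mixed-case input slips past it. The following added example (not part of the original advisory or of MaianAffiliate) applies the pattern from the ModSecurity rule to each form value after decoding; the JSON log layout and its field names (ts, src, method, uri, body) are assumptions, and the sample records are constructed.

```python
import html
import json
import re
from urllib.parse import parse_qsl, unquote

# Pattern from the page's ModSecurity rule, matched case-insensitively here.
PATTERN = re.compile(r"(<script|javascript:|on\w+=)", re.IGNORECASE)
TARGET_URI = "/admin/product-add.php"  # endpoint named in the network indicators

def normalize(value, max_rounds=3):
    """Undo nested URL encoding and HTML entities until the text is stable."""
    for _ in range(max_rounds):
        value, previous = html.unescape(unquote(value)), value
        if value == previous:
            break
    return value

def scan_body(body):
    """Return (field, token) for each form value that matches after decoding."""
    found = ((f, PATTERN.search(normalize(v)))
             for f, v in parse_qsl(body, keep_blank_values=True))
    return [(f, m.group(1).lower()) for f, m in found if m]

def suspicious_events(lines):
    """Return (timestamp, source, hits) for flagged POSTs to TARGET_URI."""
    events = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        if not isinstance(rec, dict):
            continue
        if rec.get("method") != "POST" or rec.get("uri") != TARGET_URI:
            continue
        hits = scan_body(str(rec.get("body", "")))
        if hits:
            events.append((rec.get("ts"), rec.get("src"), hits))
    return events

# Constructed sample records (JSON lines); the field names are assumptions.
SAMPLE_LOG = [
    '{"ts":"2021-09-01T10:00:00Z","src":"198.51.100.7","method":"POST","uri":"/admin/product-add.php","body":"name=Blue+Widget&description=A+fine+widget"}',
    '{"ts":"2021-09-01T10:05:00Z","src":"203.0.113.9","method":"POST","uri":"/admin/product-add.php","body":"name=Widget&description=%3Cscript%3Ealert(%27test%27)%3C%2Fscript%3E"}',
    '{"ts":"2021-09-01T10:06:00Z","src":"203.0.113.9","method":"POST","uri":"/admin/product-add.php","body":"name=Widget&description=%253CScRiPt%253Ealert(1)%253C%252FScRiPt%253E"}',
    '{"ts":"2021-09-01T10:07:00Z","src":"203.0.113.9","method":"POST","uri":"/admin/product-add.php","body":"name=%26%2360%3Bscript%26%2362%3B&description=ok"}',
    'ts=2021-09-01T10:08:00Z POST /admin/product-add.php (truncated record',
]
if __name__ == "__main__":
    print(suspicious_events(SAMPLE_LOG))
```

Matching per form value rather than on the raw body keeps field names such as option_name= from tripping the on\w+= branch of the pattern.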
