CVE-2021-47725
📋 TL;DR
This cross-site scripting vulnerability in STVS ProVision 5.9.10 allows authenticated attackers to inject malicious HTML/JavaScript code via the 'files' POST parameter. The unvalidated input enables script execution within victim browsers, potentially compromising user sessions and data. Only authenticated users can exploit this vulnerability.
💻 Affected Systems
- STVS ProVision
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or install malware on user systems.
Likely Case
Session hijacking leading to unauthorized access, data theft, or defacement of the application interface.
If Mitigated
Limited impact with proper input validation and output encoding, though some functionality disruption possible.
🎯 Exploit Status
Exploit details and proof-of-concept code are publicly available; requires authentication but simple to execute.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: https://stvs.com/
Restart Required: No
Instructions:
Check vendor website for security updates; apply any available patches following vendor documentation.
🔧 Temporary Workarounds
Input Validation Filter
allImplement server-side validation to sanitize the 'files' parameter input
Not applicable - requires code modification
Web Application Firewall Rules
allConfigure WAF to block XSS patterns in POST requests to the vulnerable endpoint
WAF-specific configuration commands
🧯 If You Can't Patch
- Implement Content Security Policy headers to restrict script execution
- Require multi-factor authentication to reduce impact of session hijacking
🔍 How to Verify
Check if Vulnerable:
Test by submitting HTML/JavaScript payloads in the 'files' POST parameter and checking for executionCheck Version:
Check application version in admin interface or configuration filesVerify Fix Applied:
Verify input validation prevents script execution and output is properly encoded📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to files parameter with script tags or JavaScript code
- Multiple failed authentication attempts followed by successful login
Network Indicators:
- HTTP POST requests containing script payloads in files parameter
- Unexpected redirects or external resource loads
SIEM Query:
source="web_logs" AND method="POST" AND uri="*files*" AND (content="<script>" OR content="javascript:")🔗 References
- https://cxsecurity.com/issue/WLB-2021010188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/195723
- https://packetstormsecurity.com/files/161158/STVS-ProVision-5.9.10-Cross-Site-Scripting.html
- https://stvs.com/
- https://www.vulncheck.com/advisories/stvs-provision-authenticated-reflected-cross-site-scripting-via-files-parameter
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5624.php
