Cross-Site Scripting Vulnerability in STVS ProVision by STVS
CVE-2021-47725
Key Information:
- Vendor: Stvs Sa
- Status
- Vendor
- CVE Published: 31 December 2025
What is CVE-2021-47725?
STVS ProVision version 5.9.10 is susceptible to a cross-site scripting (XSS) vulnerability that allows authenticated attackers to inject arbitrary HTML through the 'files' POST parameter. The injected markup results in the execution of malicious scripts in the user's browser session, within the context of the affected site. Proper input validation and sanitization are essential to mitigate such risks.
Affected Version(s)
STVS ProVision 5.9.10
STVS ProVision 5.9.9
STVS ProVision 5.9.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
Vulnerability published
Vulnerability Reserved
