Medium severity6.1NVD Advisory· Published Jul 19, 2021· Updated Jun 17, 2026
CVE-2021-34821
CVE-2021-34821
Description
Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL path filename is copied into the HTML document as plain text tags.
Affected products
2- AAT/AAT Novus Management Systemdescription
- Range: <=1.51.2
Patches
Vulnerability mechanics
References
1- seclists.org/fulldisclosure/2021/Jul/20nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.