VYPR
High severity8.7NVD Advisory· Published Jul 10, 2023· Updated Jun 17, 2026

CVE-2021-42083

CVE-2021-42083

Description

An authenticated attacker is able to create alerts that trigger a stored XSS attack.

POC

  • go to the alert manager
  • open the ITSM tab
  • add a webhook with the URL/service token value

' -h && id | tee /tmp/ttttttddddssss #' (whitespaces are tab characters)

  • click add
  • click apply
  • create a test alert
  • The test alert will run the command

“id | tee /tmp/ttttttddddssss” as root.

  • after the test alert inspect

/tmp/ttttttddddssss it'll contain the ids of the root user.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.