Unrated severityOSV Advisory· Published Jan 15, 2026· Updated Apr 7, 2026

Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting

CVE-2021-47808

Description

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

Affected products

Cotonti/CotontiOSV2 versions
0.9.12, 0.9.12.1, 0.9.13, …+ 1 more
- (no CPE)range: 0.9.12, 0.9.12.1, 0.9.13, …
- (no CPE)range: =0.9.19

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/50016mitreexploit
www.vulncheck.com/advisories/cotonti-siena-maintitle-stored-cross-site-scriptingmitrethird-party-advisory
cotonti.commitreproduct
www.cotonti.com/download/mitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000