CVEs-PoC/2021/CVE-2021-42551.md

### [CVE-2021-42551](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42551)
![](https://img.shields.io/static/v1?label=Product&message=NetBiblio%20WebOPAC&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%204.0.0.320%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-site%20Scripting%20(XSS)&color=brighgreen)

### Description

Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions.

### POC

#### Reference
- https://www.redguard.ch/advisories/netbiblio_webopac.txt

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/compr00t/nuclei-templates
- https://github.com/compr00t/nuclei-templates/blob/main/CVE-2021-42551.yaml