Skip to main content

Ngeniusone CVE-2021-35199

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2021-09-30 cve@mitre.org
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Sep 30, 2021 - 18:15 nvd
MEDIUM 5.4

DescriptionNVD

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile.

AnalysisAI

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. Affected products include: Netscout Ngeniusone.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2023-26999 CRITICAL POC
9.8 Jan 09

An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of s

CVE-2025-32981 HIGH POC
7.1 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. Rate

CVE-2023-27000 MEDIUM POC
6.1 Jan 09

Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary cod

CVE-2025-32985 CRITICAL
9.8 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 has Hardcoded Credentials that can be obtained from JAR files. Rated critical sev

CVE-2023-26998 MEDIUM POC
5.4 Jan 09

Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary cod

CVE-2025-32983 HIGH
7.5 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Technical Information Disclosure via a Stack Trace. Rated high severity (C

CVE-2025-32982 HIGH
7.5 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Broken Authorization Schema for the report module. Rated high severity (CVS

CVE-2025-32986 HIGH
7.5 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 has a Sensitive File Accessible Without Proper Authentication to an endpoint. Rat

CVE-2025-32979 MEDIUM
6.5 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Arbitrary File Creation by authenticated users. Rated medium severity (CVS

CVE-2021-35201 MEDIUM
6.5 Sep 30

NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. Rated medium severity (CVSS 6.5),

CVE-2025-32984 MEDIUM
6.1 Apr 25

NETSCOUT nGeniusONE before 6.4.0 b2350 allows Stored Cross-Site Scripting (XSS) via a certain POST parameter. Rated medi

CVE-2023-41170 MEDIUM
6.1 Dec 07

NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. Rated medium severity (CVSS

Share

CVE-2021-35199 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy