CVE-2021-47795

MEDIUM
2026-01-16 [email protected]
6.2
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 16, 2026 - 15:55 vuln.today
Public exploit code
CVE Published
Jan 16, 2026 - 00:16 nvd
MEDIUM 6.2

Tags

RCE XSS Lfi Path Traversal

Description

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.

Analysis

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. [CVSS 6.2 MEDIUM]

Technical Context

Classified as CWE-22 (Path Traversal). GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through improper input sanitization. Attackers can exploit the WebStrings.srf endpoint by manipulating path traversal and injection parameters to access system files and execute malicious scripts.

Affected Products

GeoVision GeoWebServer 5.3.3 contains multiple vulnerabilities including local file inclusion, cross-site scripting, and remote code execution through

Remediation

Monitor vendor advisories for a patch. Implement output encoding and Content Security Policy headers.

Priority Score

51
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +31
POC: +20

Share

CVE-2021-47795 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy