🔐 CVE Alert

CVE-2021-47808

MEDIUM 5.4

Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting

CVSS Score: 5.4
EPSS Score: 0.0%
EPSS Percentile: 0th

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page.

CWE: CWE-79
Vendor: cotonti.com
Product: cotonti siena
Published: Jan 15, 2026
Last Updated: Apr 7, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Affected Versions

cotonti.com / Cotonti Siena: 0.9.19

References

exploit-db.com: https://www.exploit-db.com/exploits/50016
cotonti.com: https://cotonti.com
cotonti.com: https://www.cotonti.com/download/
vulncheck.com: https://www.vulncheck.com/advisories/cotonti-siena-maintitle-stored-cross-site-scripting

Credits

Fatih İLGİN