What is CVE-2021-31537?

CVE-2021-31537 is a vulnerability in N/a. Published 2021-05-11.

Is CVE-2021-31537 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-31537

SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).

EPSS: 0.882 (99.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates
Elsfa7-110/kenzer-templates
d4n-sec/d4n-sec.github.io

References

sisinformatik.com/rewe-go/ (x_refsource_MISC)
sec-consult.com/vulnerability-lab/advisory/reflected-xss-sis-infromatik-rewe-go… (x_refsource_MISC)
seclists.org/fulldisclosure/2021/May/20 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-31537?: CVE-2021-31537 is a vulnerability in N/a. Published 2021-05-11.
Is CVE-2021-31537 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.