What is CVE-2021-37573?

CVE-2021-37573 is a vulnerability in N/a. Published 2021-08-09.

Is CVE-2021-37573 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2021-37573

A reflected cross-site scripting (XSS) vulnerability in the web server TTiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page

EPSS: 0.519 (98.0th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

20142995/nuclei-templates
ARPSyndicate/cvemon
ARPSyndicate/kenzer-templates

References

www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-042.txt (x_refsource_MISC)
20210813 [SYSS-2021-042] TJWS - Reflected Cross-Site Scripting (CVE-2021-37573) (mailing-list, x_refsource_FULLDISC)
packetstormsecurity.com/files/163825/Tiny-Java-Web-Server-1.115-Cross-Site-Scri… (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-37573?: CVE-2021-37573 is a vulnerability in N/a. Published 2021-08-09.
Is CVE-2021-37573 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.