What is CVE-2021-47925?

CVE-2021-47925 is a medium-severity vulnerability in Cmdbuild, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-05-10.

How severe is CVE-2021-47925?

Medium severity. CVSS v3 base score is 6.4 out of 10.

XSS in Cmdbuild

CVE-2021-47925

CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file upload endpoints. Attackers can inject XSS p…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (10.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Cmdbuild — versions CMDBuild 3.3.2

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

ExploitDB-50527 (exploit)
Official Product Homepage (product)
Product Reference (product)
VulnCheck Advisory: CMDBuild 3.3.2 Multiple Stored Cross-Site Scripting (third-party-advisory)

Frequently asked questions

What is CVE-2021-47925?: CVE-2021-47925 is a medium-severity vulnerability in Cmdbuild, classified under Cross-site Scripting. CVSS score: 6.4/10. Published 2026-05-10.
How severe is CVE-2021-47925?: Medium severity. CVSS v3 base score is 6.4 out of 10.