CVE-2021-43932 CRITICAL

CVE-2021-43932: Elcomplus SmartPtt Cross-site Scripting

Vendor Elcomplus

Product SmartPTT

Weakness CWE-79 · XSS

Published April 28, 2022

Last update April 16, 2025

View on NVD All CVEs

CVSS base score

9.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page.

Key dates

02Disclosure timeline

April 28, 2022 CVE published

April 16, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-43932 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2020-35037 Events Manager < 5.9.8 - Cross-Site Scripting (XSS) CVE-2025-3469 i18n XSS vulnerability in HTMLMultiSelectField when sections are used CVE-2025-69317 WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-7408 SourceCodester Zoo Management System animal_form_template.php cross site scripting CVE-2024-13586 Masy Gallery <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting