CVE-2021-47725
EUVD-2025-20607831.12.2025, 19:15
STVS ProVision 5.9.10 contains a cross-site scripting vulnerability in the 'files' POST parameter that allows authenticated attackers to inject arbitrary HTML code. Attackers can exploit the unvalidated input to execute malicious scripts within a user's browser session in the context of the affected site.
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| stvs | provision | 5.9.10 | CNA |
| stvs | provision | 5.9.9 | CNA |
| stvs | provision | 5.9.7 | CNA |
| stvs | provision | 5.9.1 | CNA |
| stvs | provision | 5.9.0 | CNA |
| stvs | provision | 5.8.6 | CNA |
| stvs | provision | 5.7 | CNA |
| stvs | provision | 5.6 | CNA |
| stvs | provision | 5.5 | CNA |
References