CVE-2021-34821

Name of the Vulnerable Software and Affected Versions: AAT Novus Management System versions through 1.51.2

Description: A Cross Site Scripting (XSS) issue exists due to incorrect HTTP 404 error handling in the WebUI. This allows a remote, unauthenticated attacker to potentially exploit the issue by sending malicious HTTP requests to non-existing URIs. The filename from the URL path is copied into the HTML document as plain text tags, which can be used for malicious purposes.

Recommendations: For versions through 1.51.2, update to a version that addresses the incorrect HTTP 404 error handling to prevent exploitation of the XSS issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.