PT-2025-54424 · Commax · Commax Biometric Access Control System

Published: 2025-12-31 · Updated: 2025-12-31 · CVE-2021-47743

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: COMMAX Biometric Access Control System version 1.0.0

Description: The COMMAX Biometric Access Control System is affected by a reflected cross-site scripting issue that does not require authentication. The issue resides in cookie parameters CMX_ADMIN_NM and CMX_COMPLEX_NM. An attacker can inject malicious HTML and JavaScript code into these cookie values, leading to the execution of arbitrary scripts within a victim’s browser session.

Recommendations: Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider sanitizing the CMX_ADMIN_NM and CMX_COMPLEX_NM cookie parameters to prevent the injection of malicious code.
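
One way to apply the sanitizing workaround on the server side, shown as an added example and not the vendor's code: each of the two cookie values from the advisory (spelled with underscores here) is checked against an allow-list and then HTML-encoded before it is written into the page. The allow-list pattern, the fallback text, the `render_banner` markup and the sample headers are assumptions made for illustration.

```python
import html
import re

# Cookie names are from the advisory; allow-list and fallback text are assumptions.
REFLECTED_COOKIES = ("CMX_ADMIN_NM", "CMX_COMPLEX_NM")
SAFE_VALUE = re.compile(r"[A-Za-z0-9 _.\-]{1,64}")
FALLBACK = "unknown"


def parse_cookie_header(header):
    """Split a raw Cookie request header into a {name: value} dict."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value.strip('"')
    return cookies


def display_value(cookies, name):
    """Validate one cookie value, then HTML-encode it for output."""
    value = cookies.get(name, "")
    if not SAFE_VALUE.fullmatch(value):
        value = FALLBACK  # reject instead of trying to repair the input
    # Encode even validated values, so a loosened allow-list cannot reopen the bug.
    return html.escape(value, quote=True)


def render_banner(cookie_header):
    """Build the (hypothetical) HTML fragment that reflects both cookie values."""
    cookies = parse_cookie_header(cookie_header)
    admin, complex_name = (display_value(cookies, n) for n in REFLECTED_COOKIES)
    return (f'<span class="admin">{admin}</span> '
            f'<span class="complex">{complex_name}</span>')


# Constructed sample headers, not captured traffic.
BENIGN = "CMX_ADMIN_NM=admin; CMX_COMPLEX_NM=Tower-A"
HOSTILE = 'CMX_ADMIN_NM="><script>alert(1)</script>; CMX_COMPLEX_NM=Tower-A'

if __name__ == "__main__":
    print(render_banner(BENIGN))
    print(render_banner(HOSTILE))
```

Encoding at the point of output is the part that closes the reflection; the allow-list only narrows what reaches it.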

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2021-47743

Affected Products: Commax Biometric Access Control System