Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

1 vulnerability by cleidigh

CVE-2021-47768 (GCVE-0-2021-47768)

Vulnerability from cvelistv5 – Published: 2026-01-15 15:52 – Updated: 2026-01-15 18:27

Title

ImportExportTools NG 10.0.4 - HTML Injection

Summary

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.

Severity ?

5.3 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

VulnCheck

References

URL

Tags

	https://www.exploit-db.com/exploits/50496	exploit
	https://github.com/thundernest/import-export-tools-ng	product
	https://addons.thunderbird.net/en-US/thunderbird/…	product
	https://www.vulnerability-lab.com/get_content.php…	exploittechnical-description

Impacted products

	Vendor	Product	Version
	thundernest	ImportExportTools NG	Affected: 10.0.4

Credits

Vulnerability Lab

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47768",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-15T16:13:13.203284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-15T18:27:03.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/50496"
          },
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.vulnerability-lab.com/get_content.php?id=2308"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ImportExportTools NG",
          "vendor": "thundernest",
          "versions": [
            {
              "status": "affected",
              "version": "10.0.4"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Vulnerability Lab"
        }
      ],
      "datePublic": "2021-11-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-15T15:52:10.377Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-50496",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/50496"
        },
        {
          "name": "ImportExportTools NG GitHub Repository",
          "tags": [
            "product"
          ],
          "url": "https://github.com/thundernest/import-export-tools-ng"
        },
        {
          "name": "Thunderbird Addon Page",
          "tags": [
            "product"
          ],
          "url": "https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/"
        },
        {
          "name": "Vulnerability-Lab Disclosure",
          "tags": [
            "exploit",
            "technical-description"
          ],
          "url": "https://www.vulnerability-lab.com/get_content.php?id=2308"
        }
      ],
      "title": "ImportExportTools NG 10.0.4 - HTML Injection",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47768",
    "datePublished": "2026-01-15T15:52:10.377Z",
    "dateReserved": "2026-01-14T14:39:44.735Z",
    "dateUpdated": "2026-01-15T18:27:03.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}