CVE-2021-4232 | Medium Severity | Armis
CVE-2021-4232:
Cross-Site Scripting (XSS) vulnerability in Zoo Management System 1.0 allows remote attackers to inject malicious scripts through the admin/manage-ticket.php file.
Score
A numerical rating that indicates how dangerous this vulnerability is.
6.1 Medium
Published Date: May 26, 2022
CISA KEV Date: *No Data*
Industries Affected: 20
Threat Predictions
EPSS Score: 0.2
EPSS Percentile: 44%
Exploitability
Score: 2.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Impact
Score: 2.7
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Overview
The Zoo Management System 1.0 contains a reflected Cross-Site Scripting (XSS) vulnerability in its ticket management functionality. The application fails to properly sanitize user input in the admin/manage-ticket.php file, allowing attackers to inject arbitrary JavaScript code that executes when viewed by other users, particularly administrators. This vulnerability (CWE-79) could allow attackers to steal sensitive information, hijack user sessions, or perform actions on behalf of the victim. The attack vector requires minimal technical knowledge, as demonstrated by the simple proof-of-concept exploit using alert(1) as the payload.
Remediation
To remediate this vulnerability, the following actions are recommended:
1. Update to a newer version of Zoo Management System if available.
2. Implement proper input validation and output encoding in the admin/manage-ticket.php file.
3. Apply the principle of least privilege to limit the impact of potential XSS attacks.
4. Consider implementing Content Security Policy (CSP) headers to restrict the execution of unauthorized scripts.
5. Sanitize all user inputs before rendering them in HTML contexts using appropriate encoding functions.
6. Regularly audit and test the application for similar vulnerabilities in other components.
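The input validation, output encoding and CSP steps above, sketched in PHP as an added example; this is not Zoo Management System source code. The `$ticket` record, its keys, and the helpers `e()`, `cspHeader()` and `ticketId()` are hypothetical, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration; not Zoo Management System source code.
// $ticket and its keys are hypothetical stand-ins for the values
// that admin/manage-ticket.php renders.

/** Encode a value for an HTML text node or a quoted attribute. */
function e(?string $value): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a CSP that only runs scripts carrying this response's nonce. */
function cspHeader(string $nonce): string
{
    return "Content-Security-Policy: default-src 'self'; "
         . "script-src 'self' 'nonce-{$nonce}'; object-src 'none'; base-uri 'none'";
}

/** Validate a numeric id; returns null unless it is a positive integer. */
function ticketId(mixed $raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

$nonce = base64_encode(random_bytes(16));
header(cspHeader($nonce)); // must be sent before any output

// Constructed sample record; the title holds markup that must render as text.
$ticket = ['id' => '7', 'title' => '<script>alert(1)</script>', 'type' => 'Adult "VIP"'];

$id = ticketId($ticket['id']);
if ($id === null) {
    http_response_code(400);
    exit('Invalid ticket id');
}
?>
<form method="post" action="manage-ticket.php?id=<?= $id ?>">
  <h2><?= e($ticket['title']) ?></h2>
  <input type="text" name="type" value="<?= e($ticket['type']) ?>">
</form>
<script nonce="<?= e($nonce) ?>">/* the page's own inline script */</script>
```

With this encoding the sample title is displayed as literal text, and the CSP blocks any inline script that lacks the per-response nonce even if an unencoded sink remains elsewhere.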