phlmox · July 9, 2025 17:04
diff --git a/CVE-2021-27961.txt b/CVE-2021-27961.txt
 Evasys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.

 [Vulnerability Type]
 Cross Site Scripting (XSS)

 [Vendor of Product]
 EvaSys

 [Affected Product Code Base]
 EvaSys - EvaSys V7.1 (2152) to EvaSys V8.0 (2202)

 [Affected Component]
 indexeva.php

 [Discoverer]
 Enes Saltik a.k.a phlmox

 [Reference]
 https://evasys.de/en/blog/

 Proof Of Concept: https://[TARGET].com/indexeva.php?action="><img src=x onpointerenter="alert()
	Evasys 7.1 (2152) through 8.0 (2202) allows Reflected XSS via the indexeva.php action parameter.

	[Vulnerability Type]
	Cross Site Scripting (XSS)

	[Vendor of Product]
	EvaSys

	[Affected Product Code Base]
	EvaSys - EvaSys V7.1 (2152) to EvaSys V8.0 (2202)

	[Affected Component]
	indexeva.php

	[Discoverer]
	Enes Saltik a.k.a phlmox

	[Reference]
	https://evasys.de/en/blog/

	Proof Of Concept: https://[TARGET].com/indexeva.php?action="><img src=x onpointerenter="alert()