CVE-2021-43960

Severity: MEDIUM | CVSS 4.8/10 | EPSS 0.59%

Last modified

CVE-2021-43960 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. EPSS estimates a 0.59% chance of exploitation in the next 30 days.

Description

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.

Metrics

CVSS 3.1
4.8/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

EPSS Probability
0.59%

43.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor         Product    Versions
Lorensbergs    Connect2   3.13.7647.20190

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-43960?
Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability. Exploitation requires administrator privileges and is performed through the Wizard editor of the application. The attack requires an administrator to go into the Wizard editor and enter an XSS payload within the Page title, Page Instructions, Text before, Text after, or Text on side box. Once this has been done, the administrator must click save and finally wait until any user of the application performs a booking for rental items in the booking area of the application, where the XSS triggers. NOTE: another perspective is that the administrator may require JavaScript to customize any aspect of the page rendering. There is no effective way for the product to defend users in the face of a malicious administrator.
How severe is CVE-2021-43960?
CVE-2021-43960 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.59% probability of exploitation in the next 30 days.
How do I fix CVE-2021-43960?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.


Source: NVD / NIST