CVE-2021-47920 in Job Manager
Summary
by MITRE • 02/01/2026
WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 02/03/2026
The vulnerability identified as CVE-2021-47920 resides within WebMO Job Manager version 20.0, a web-based application designed for managing computational jobs in scientific computing environments. This particular flaw represents a critical security weakness that stems from insufficient input validation and output encoding within the application's search functionality. The vulnerability specifically affects the filterSearch and filterSearchType parameters, which are utilized to process user-defined search queries within the job management interface. These parameters are processed server-side and subsequently rendered back to users without proper sanitization, creating an avenue for malicious code injection.
The technical implementation of this cross-site scripting vulnerability follows the classic non-persistent attack pattern where malicious input is immediately processed and reflected back to the victim's browser without being stored on the server. When an attacker crafts specially crafted payloads and submits them through the filterSearch and filterSearchType parameters, the application fails to adequately sanitize these inputs before displaying them in the web interface. This failure allows attackers to inject malicious javascript code that executes within the victim's browser context, leveraging the trusted relationship between the user and the application. The vulnerability falls under CWE-79 which specifically addresses cross-site scripting flaws in web applications, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments or links.
The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with significant capabilities for session manipulation and redirection attacks. Successful exploitation enables threat actors to perform session hijacking by stealing session cookies or manipulating authentication tokens, potentially allowing them to assume legitimate user identities within the WebMO environment. Additionally, the vulnerability supports external redirects that can be used to direct users to malicious sites, facilitating further attacks such as credential harvesting or malware delivery. The non-persistent nature of this attack means that each victim must individually interact with the malicious payload, but the low barrier to entry and potential for widespread impact makes this vulnerability particularly dangerous in environments where multiple users access the same job management system. The attack vector requires only that a victim clicks on a malicious link or interacts with a crafted search query, making it highly exploitable in phishing campaigns or through compromised user accounts.
Mitigation strategies for CVE-2021-47920 should focus on implementing proper input validation and output encoding mechanisms within the WebMO application. The most effective immediate solution involves sanitizing all user inputs through proper encoding before rendering them in the web interface, specifically targeting the filterSearch and filterSearchType parameters. Organizations should implement Content Security Policy headers to prevent unauthorized script execution and consider implementing input length restrictions and character filtering to prevent common XSS attack patterns. The application should be updated to a patched version that addresses this specific vulnerability, as the manufacturer likely released a security update to resolve the encoding issues in the search parameter handling. Regular security assessments and penetration testing should be conducted to identify similar vulnerabilities in other application components, while user education about suspicious links and search queries can help reduce successful exploitation attempts. Network-level protections such as web application firewalls can provide additional defense-in-depth measures, though they should not be relied upon as the sole mitigation strategy. The vulnerability demonstrates the importance of maintaining up-to-date security practices and the necessity of implementing robust input validation across all user-facing application parameters to prevent exploitation of similar weaknesses.