CVE-2021-47920

5.4 MEDIUM

📋 TL;DR

WebMO Job Manager 20.0 contains a reflected cross-site scripting vulnerability in search parameters that allows attackers to inject malicious JavaScript. This affects organizations using WebMO Job Manager 20.0 for computational chemistry job management. Attackers can exploit this to hijack user sessions or redirect users to malicious sites.

💻 Affected Systems

Products:
  • WebMO Job Manager
Versions: 20.0
Operating Systems: All platforms running WebMO
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of WebMO Job Manager 20.0. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could hijack administrator sessions, gain full control of the WebMO system, steal sensitive computational data, and potentially pivot to internal networks.

🟠 Likely Case

Attackers would use crafted links to steal user session cookies, impersonate legitimate users, and access their computational jobs and data.

🟢 If Mitigated

With proper input validation and output encoding, the malicious scripts would be neutralized, preventing any successful exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires tricking users into clicking malicious links that carry the XSS payload in the filterSearch or filterSearchType parameter.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 20.0.1 or later

Vendor Advisory: https://www.webmo.net

Restart Required: Yes

Instructions:

1. Download the latest version from WebMO's official website.
2. Backup current configuration and data.
3. Stop the WebMO service.
4. Install the updated version.
5. Restart the WebMO service.
6. Verify the installation.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

all

Deploy WAF rules to block requests containing suspicious JavaScript patterns in search parameters.

Input Validation Filter

all

Implement server-side input validation to sanitize filterSearch and filterSearchType parameters.

🧯 If You Can't Patch

  • Implement Content Security Policy (CSP) headers to restrict script execution sources
  • Disable external access to WebMO Job Manager and restrict to internal network only

🔍 How to Verify

Check if Vulnerable:

Test by accessing the search functionality with a payload like <script>alert('XSS')</script> in the filterSearch parameter and check whether the script executes.

Check Version:

Check WebMO version via web interface or configuration files; typically visible in admin panel or footer.

Verify Fix Applied:

After patching, repeat the XSS test with the same payload; the script should not execute and the input should be properly encoded.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing <script> tags or JavaScript functions in filterSearch/filterSearchType parameters
  • Unusual redirect patterns from search pages

Network Indicators:

  • HTTP traffic with encoded JavaScript in URL parameters
  • Requests to external domains from search pages

SIEM Query:

source="webmo_logs" AND (url="*filterSearch=*<script>*" OR url="*filterSearchType=*javascript:*")
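
The wildcard query above only matches a literal <script> or javascript: string, so it misses the percent-encoded requests listed under Network Indicators. The following added example (not part of the original advisory or of WebMO) decodes the two named parameters, including double encoding, before matching; the combined log format, the /app/search path, the function names and the marker list are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

WATCHED_PARAMS = {"filterSearch", "filterSearchType"}  # named in the advisory

# Heuristic markers of injected markup (illustrative choice, not exhaustive).
SUSPICIOUS = re.compile(
    r"<\s*/?\s*[a-z!]|javascript\s*:|\bon(?:error|load|click|focus|mouseover)\s*=",
    re.IGNORECASE,
)
# Request target in a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded values are inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters carrying markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in WATCHED_PARAMS:
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if SUSPICIOUS.search(decoded):
                hits.append((name, decoded))
    return hits


# Constructed sample lines; host, path and timestamps are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/search?filterSearch=benzene&filterSearchType=name HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /app/search?filterSearch=%3Cscript%3Ealert(%27XSS%27)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /app/search?filterSearchType=%253Cscript%253Ealert(%2527XSS%2527)%253C%252Fscript%253E HTTP/1.1" 200 5310',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"ALERT {name}={value!r} in: {line[:60]}...")
```

Only values arriving in the query string are visible this way; POST bodies are not written to a standard access log and need WAF or application-level logging.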
