PatchSiren cyber security CVE debrief
CVE-2021-45476 Yordam CVE debrief
CVE-2021-45476 documents an unauthenticated reflected cross-site scripting (XSS) vulnerability in the Yordam Library Information Document Automation product in versions before 19.02. The NVD record was published on 2022-10-27 and last modified on 2026-05-18. The Turkish National Cyber Security Incident Response Team (USOM) advisory TR-22-0669 is the primary source for the disclosure. The CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N gives a base score of 4.7 (Medium): the flaw is reachable over the network with low attack complexity and no privileges, but a victim must interact, typically by opening an attacker-supplied link. The scope change (S:C) records that the injected script executes in the victim's browser, a security authority distinct from the vulnerable web application; the rated impact is limited confidentiality loss with no integrity or availability impact. The underlying weakness is CWE-79 (Improper Neutralization of Input During Web Page Generation). No use in ransomware campaigns has been documented, and the CVE has not been added to CISA's Known Exploited Vulnerabilities catalog.
- Vendor: Yordam
- Product: Library Automation System
- CVSS: MEDIUM 4.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-10-27
- Original CVE updated: 2026-05-18
- Advisory published: 2022-10-27
- Advisory updated: 2026-05-18
Who should care
Organizations operating Yordam Library Automation System instances, particularly academic and public libraries in Turkey and in other regions where the software is deployed, and security teams responsible for web application security in educational and cultural heritage institutions. Any instance whose pages are reachable by users who can be sent links is in scope, since the attack only needs a victim to open a crafted URL.
Technical summary
Unauthenticated reflected cross-site scripting in the Yordam Library Information Document Automation product before version 19.02. Because the flaw is reflected, nothing is stored on the server: a request parameter is echoed into the HTML response without adequate output encoding, so an attacker who gets a user to open a crafted URL obtains script execution in that user's browser within the application's origin. The attack is network-based with low complexity and requires no authentication; the only precondition is the victim's interaction. The scope change in the CVSS vector reflects that the impact lands on the user's browser rather than on the vulnerable server component itself.
Defensive priority
medium
Recommended defensive actions
- Upgrade Yordam Library Automation System to version 19.02 or later; this is the only complete remediation for the reflected XSS
- Deploy a Content Security Policy that disallows inline script (a nonce- or hash-based script-src without 'unsafe-inline') so that a reflected payload cannot execute even where encoding is missed; this is defence in depth, not a substitute for the upgrade
- Apply context-appropriate output encoding (HTML body, attribute, JavaScript and URL contexts) to every value reflected into a response, in addition to validating input; input validation alone does not prevent XSS
- Deploy web application firewall (WAF) rules for common XSS patterns as a compensating control while the upgrade is pending; signature-based rules are bypassable and must not be treated as remediation
- Review USOM advisory TR-22-0669 for vendor-specific guidance and additional mitigation recommendations
- Monitor web server logs for requests to library automation endpoints whose parameters contain script tags, event-handler attributes or javascript: URLs, and treat user reports of unexpected links to the catalogue as potential phishing for this flaw
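The pattern described in the technical summary and the encoding, CSP and monitoring actions above, as an added example. This is not Yordam code and is not taken from the USOM or NVD records: the /search endpoint, the q parameter and the access-log lines are constructed for illustration.

```python
"""Added illustration of the reflected-XSS pattern behind CVE-2021-45476 and of
the recommended defences. Not Yordam code and not from the USOM or NVD records:
the /search endpoint, the q parameter and the log lines are constructed."""
import html
import re
import secrets
from urllib.parse import parse_qs, unquote_plus, urlparse


def render_search_vulnerable(q: str) -> str:
    """Reflects the query verbatim into the page (CWE-79): a value such as
    <script>...</script> comes back as live markup and runs in the victim's
    browser within the application's origin."""
    return f"<h1>Results for {q}</h1><input name='q' value='{q}'>"


def new_nonce() -> str:
    """Per-response CSP nonce; must be unpredictable and never reused."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Nonce-based policy: only scripts carrying this nonce execute, so a
    reflected <script> or inline event handler is blocked even where the
    encoding step was missed."""
    return ("Content-Security-Policy: default-src 'self'; "
            f"script-src 'nonce-{nonce}' 'strict-dynamic'; "
            "object-src 'none'; base-uri 'none'")


def render_search_hardened(q: str, nonce: str) -> str:
    """Contextual output encoding: html.escape(quote=True) neutralises
    < > & " and ', which covers both the element-body context and the
    double-quoted attribute context used in this template."""
    safe = html.escape(q, quote=True)
    return (f"<h1>Results for {safe}</h1>"
            f'<input name="q" value="{safe}">'
            f'<script nonce="{nonce}">/* application script */</script>')


# Crude markers for XSS-shaped parameter values; tune for your endpoints.
XSS_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon\w+\s*=|<\s*(?:img|svg|iframe)\b", re.I)

# Combined-format access log lines constructed for this example.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Oct/2022:10:00:01 +0300] "GET /search?q=harry+potter HTTP/1.1" 200 5120',
    '203.0.113.7 - - [27/Oct/2022:10:00:02 +0300] "GET /search?q=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5310',
    '198.51.100.9 - - [27/Oct/2022:10:00:03 +0300] "GET /search?q=x%22%20onmouseover%3Dalert(1)%20 HTTP/1.1" 200 5300',
    '198.51.100.2 - - [27/Oct/2022:10:00:04 +0300] "GET /catalog/item?id=42 HTTP/1.1" 200 900',
]


def flag_suspicious_requests(log_lines, endpoint="/search"):
    """Return (path, parameter, decoded value) for requests to the endpoint
    whose query parameters look like XSS payloads after URL decoding."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m:
            continue
        parsed = urlparse(m.group(1))
        if parsed.path != endpoint:
            continue
        for name, values in parse_qs(parsed.query, keep_blank_values=True).items():
            for value in values:
                # parse_qs already decoded once; a second pass catches
                # double-encoded payloads (it also turns a literal '+' into a
                # space, which is acceptable for detection purposes).
                decoded = unquote_plus(value)
                if XSS_MARKERS.search(decoded):
                    hits.append((parsed.path, name, decoded))
                    break
    return hits


if __name__ == "__main__":
    payload = "<script>alert(document.cookie)</script>"
    print(render_search_vulnerable(payload))
    nonce = new_nonce()
    print(csp_header(nonce))
    print(render_search_hardened(payload, nonce))
    for hit in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious:", hit)
```

The vulnerable renderer interpolates the parameter into both an element body and a single-quoted attribute, which is why a payload such as `x' onmouseover=...` works against it; the hardened renderer escapes quotes as well as angle brackets and is paired with a nonce-based policy so that a missed sink still cannot run script. The log check is deliberately simple and is meant as a triage aid for the monitoring action, not as a WAF.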
Evidence notes
Primary advisory source: USOM TR-22-0669. The CPE criteria confirm the affected product as the Yordam Library Automation System with a version bound excluding 19.02, i.e. versions before 19.02 are affected. The CVSS vector and CWE classification are taken from the NVD record. No KEV entry or ransomware attribution is present in the source corpus.
Official resources
- CVE-2021-45476 CVE record (CVE.org)
- CVE-2021-45476 NVD detail (NVD)
- Source item URL: nvd_modified
Source reference
- Mitigation or vendor reference: [email protected] - Third Party Advisory (2022-10-27)