CVE-2020-21316
N/A
N/A
Summary
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/94fzb/zrlog/issues/56
- https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
- https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
References
- https://github.com/94fzb/zrlog/issues/56
- https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
- https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.