CVE-2021-41565

Summary

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.

Affected Software

VendorProductVersion RangeStatus
TadTadTools0 <= 3.2.1affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References