CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-10T15:15:02
Updated: 2024-08-04T01:16:03.948Z
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-37365
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-08-10T17:15:10.690
Modified: 2021-08-13T14:56:20.510
Link: CVE-2021-37365
Redhat
No data.