TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-5169-327ef-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2021-10-08T15:15:35.097411Z
Updated: 2024-09-16T16:13:39.371Z
Reserved: 2021-09-22T00:00:00
Link: CVE-2021-41565
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-10-08T16:15:07.890
Modified: 2024-11-21T06:26:26.357
Link: CVE-2021-41565
Redhat
No data.