TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2021-10-08T15:15:35.097411Z

Updated: 2024-09-16T16:13:39.371Z

Reserved: 2021-09-22T00:00:00

Link: CVE-2021-41565

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-10-08T16:15:07.890

Modified: 2024-11-21T06:26:26.357

Link: CVE-2021-41565

cve-icon Redhat

No data.