TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.twcert.org.tw/tw/cp-132-5169-327ef-1.html |
History
No history.
MITRE
Status: PUBLISHED
Assigner: twcert
Published: 2021-10-08T15:15:35.097411Z
Updated: 2024-09-16T16:13:39.371Z
Reserved: 2021-09-22T00:00:00
Link: CVE-2021-41565
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-10-08T16:15:07.890
Modified: 2021-10-15T15:20:14.537
Link: CVE-2021-41565
Redhat
No data.