CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned the value of the query string parameter 'cat' without sanitization or output encoding, so an attacker can inject script into the rendered page (reflected XSS).
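To make the vulnerability class concrete, the following PHP snippet is an added illustration and is not CTparental's own bl_categires_help.php: it shows the unencoded-reflection pattern the description names next to a hardened version that encodes on output and, optionally, validates against an allow-list. The function names, the `$allowed_categories` list and the sample query are assumptions constructed for the example.

```php
<?php
// Added example: reflected XSS from an unencoded query-string parameter,
// and the defensive pattern that fixes it. Constructed code, not the
// project's own; function names and the allow-list are assumptions.

declare(strict_types=1);

// --- Vulnerable pattern: the parameter is interpolated into HTML untouched. ---
function render_help_unsafe(array $query): string
{
    $categories = $query['cat'] ?? '';          // no validation, no encoding
    return "<h2>Help for category: {$categories}</h2>";
}

// --- Minimal fix: HTML-encode the value at the point of output. ---
function render_help_encoded(array $query): string
{
    $categories = $query['cat'] ?? '';
    // ENT_QUOTES also encodes single quotes, so the result is safe inside
    // attribute values as well as in element text; ENT_SUBSTITUTE avoids
    // returning an empty string on invalid UTF-8.
    $escaped = htmlspecialchars($categories, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2>Help for category: {$escaped}</h2>";
}

// --- Defence in depth: allow-list the input, then still encode the output. ---
function render_help_validated(array $query, array $allowed_categories): string
{
    $categories = $query['cat'] ?? '';
    if (!in_array($categories, $allowed_categories, true)) {
        $categories = 'unknown';                // reject anything not expected
    }
    $escaped = htmlspecialchars($categories, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2>Help for category: {$escaped}</h2>";
}

// Constructed sample input standing in for $_GET (assumed category names).
$sample_query = ['cat' => '<script>alert(1)</script>'];
$allowed      = ['adult', 'gambling', 'social'];

echo render_help_unsafe($sample_query), PHP_EOL;              // script tag reaches the page
echo render_help_encoded($sample_query), PHP_EOL;             // &lt;script&gt;... rendered as text
echo render_help_validated($sample_query, $allowed), PHP_EOL; // "unknown"

// A Content-Security-Policy header limits the impact of any reflection that
// slips through; it must be sent before any output in a real handler:
// header("Content-Security-Policy: default-src 'self'; script-src 'self'");
```

Output encoding is the fix the description calls for; the allow-list is an extra layer that makes sense here because the parameter selects from a fixed set of blocklist categories.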
References
| Link | Resource |
|---|---|
| https://gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75a | Third Party Advisory |
| https://gitlab.com/marsat/CTparental/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-08-10T15:15:02
Updated: 2021-08-10T15:15:02
Reserved: 2021-07-21T00:00:00
Link: CVE-2021-37365
NVD Information
Status : Analyzed
Published: 2021-08-10T17:15:10.690
Modified: 2021-08-13T14:56:20.510
Link: CVE-2021-37365
Redhat Information
No data.
CWE