CVE-2020-21316

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-21316

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-21316.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-21316

Published

2021-06-15T20:15:11Z

Modified

2025-01-14T22:34:03Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

References

Affected packages

Git / github.com/94fzb/zrlog

Affected ranges

Type: GIT
Repo: https://github.com/94fzb/zrlog
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b921c1ae03b8290f438657803eee05226755c941

Fixed

b921c1ae03b8290f438657803eee05226755c941