A cross-site scripting (XSS) vulnerability exists in the comment section of ZrLog 2.1.3. The nickname parameter of a comment is not properly neutralized before output, which allows remote attackers to inject arbitrary web script, steal administrator session cookies when an administrator views the comment, and thereby gain access to the admin panel.
[
{
"target": {
"function": "visitorPermission",
"file": "web/src/main/java/com/zrlog/web/interceptor/VisitorInterceptor.java"
},
"signature_version": "v1",
"digest": {
"length": 1104.0,
"function_hash": "314116546790506854085695190330257683378"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-0efcd70f",
"signature_type": "Function"
},
{
"target": {
"function": "save",
"file": "service/src/main/java/com/zrlog/service/CommentService.java"
},
"signature_version": "v1",
"digest": {
"length": 1149.0,
"function_hash": "137613741883679278491632420607273961738"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-257d655e",
"signature_type": "Function"
},
{
"target": {
"function": "fillArticleInfo",
"file": "web/src/main/java/com/zrlog/web/interceptor/TemplateHelper.java"
},
"signature_version": "v1",
"digest": {
"length": 1328.0,
"function_hash": "243539549476825609237483414567709360403"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-3a5a9e0c",
"signature_type": "Function"
},
{
"target": {
"file": "common/src/main/java/com/zrlog/web/util/WebTools.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"255317515322004661244838622795289278510",
"1585590115297278668542033621338600927",
"254891015209655894095497332809953272185",
"127535317118388556884289854862733688977",
"191811468374451648440606354442601973995",
"234482959144584477846631332928910975033",
"128531876409498421601571775994588919931",
"49052709491107294757906768625593591506",
"85127002104879830226331679488692397774",
"334189335248224068690334842305714807004",
"292145379695361543872316783387136243774",
"269936479993536339696752510048312913867",
"264409648700854651823348133134607573768"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-61064135",
"signature_type": "Line"
},
{
"target": {
"file": "web/src/main/java/com/zrlog/web/controller/blog/ArticleController.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"181698198724114515457028488461359997051",
"78293718847762090180831430992759950408",
"227952938564799657506579552419492826802",
"338546277548037556835424653200028731825",
"152649622324033886272711513714946452720",
"74122167379593432692728147884713950434",
"224560405946310655793607518442119409196",
"304589926665924769059257584194924262617",
"202142239757429806879995151234506415139",
"272959905494415245370135732323385478978",
"246172498396409406269758518918081870391",
"197475500111986437369497199969399682144",
"4954522115248510123166082542878109127",
"73708422785249498016964631364800179806",
"297812936685670484314197255204429298839",
"77138836914463877242950420553889866509"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-83ebf214",
"signature_type": "Line"
},
{
"target": {
"file": "service/src/main/java/com/zrlog/service/CommentService.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"178053060088788974393113175310314180646",
"92275880426040984137495012234942305785",
"52765419042201367541045930796366806354",
"175358007515466031679721415109337571197",
"37593684550153422024637936302115416362",
"130099785033098268167324943382592710728",
"275223062953703030271882369695886645572",
"73715361936018940725651771672425761546",
"22195925961968675355307281252943698564",
"82626779293346072494414603583557442666",
"330305284237318781853359687356538502192",
"172419303118402829017540987165309172758",
"196443777864715007678975226858929107548",
"290518383898672222908397394758330151183"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-88db142f",
"signature_type": "Line"
},
{
"target": {
"file": "web/src/main/java/com/zrlog/web/interceptor/VisitorInterceptor.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"81674906023471645466592537015215189310",
"10129745713239287829397144641241857619",
"282804773865029287285642757612263921150",
"182174972745819675941802491244710833607",
"339039745101975972296562730485988622889",
"228899969454856675753784777051935732331",
"262529975862715798549720180822144006434",
"199343592546387810499397962256443548272"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-9bdd04b9",
"signature_type": "Line"
},
{
"target": {
"function": "saveComment",
"file": "web/src/main/java/com/zrlog/web/controller/blog/ArticleController.java"
},
"signature_version": "v1",
"digest": {
"length": 253.0,
"function_hash": "295394059786802822867445299716423078386"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-ae6888c5",
"signature_type": "Function"
},
{
"target": {
"function": "afterJFinalStart",
"file": "web/src/main/java/com/zrlog/web/config/ZrLogConfig.java"
},
"signature_version": "v1",
"digest": {
"length": 1150.0,
"function_hash": "328781203447287451830282395420437218762"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-b4166985",
"signature_type": "Function"
},
{
"target": {
"function": "getRealIp",
"file": "common/src/main/java/com/zrlog/web/util/WebTools.java"
},
"signature_version": "v1",
"digest": {
"length": 715.0,
"function_hash": "7068073471497652788829679465550950382"
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-b6a4a1f7",
"signature_type": "Function"
},
{
"target": {
"file": "web/src/main/java/com/zrlog/web/interceptor/TemplateHelper.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"35767719419188490829919311240567076081",
"90719088655743489986813475385448360465",
"218374467866992455428320116034123166642",
"68019269094447134616163783392130856448"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-bb2d9f0c",
"signature_type": "Line"
},
{
"target": {
"file": "web/src/main/java/com/zrlog/web/config/ZrLogConfig.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"74905063471474703248189730641804005053",
"130308717912076800051313452541027448753",
"37495164491180937392416168901757183190",
"71815569320077476230847569244722166896",
"248744880354348207321794203919310046318",
"104593027055061343465193587486782039883",
"65903254530894404463457035669405346954",
"247220481241153184055740706176680373152",
"301910473106642072078411063025395289642",
"134618710902054889966067179626439499550",
"30323998384549489032504626572908890109",
"87108183155772886971799773587441098080"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-cc9763d3",
"signature_type": "Line"
},
{
"target": {
"file": "web/src/main/java/com/zrlog/web/Application.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"337947787947358830477196862020105624860",
"42233489271249215341832571073079729067",
"204925795602141333892684847050874504727",
"259339527632048421534968985598555287556"
],
"threshold": 0.9
},
"source": "https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941",
"deprecated": false,
"id": "CVE-2020-21316-e0817f0a",
"signature_type": "Line"
}
]