CVE-2021-26549

An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
Configurations

Configuration 1 (hide)

cpe:2.3:a:smartfoxserver:smartfoxserver:2.17.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-02-09 20:15

Updated : 2024-02-28 18:08


NVD link : CVE-2021-26549

Mitre link : CVE-2021-26549

CVE.ORG link : CVE-2021-26549


JSON object : View

Products Affected

smartfoxserver

  • smartfoxserver
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')