CVE-2021-37365

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:ctparental_project:ctparental:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-08-10 17:15

Updated : 2024-02-28 18:28


NVD link : CVE-2021-37365

Mitre link : CVE-2021-37365

CVE.ORG link : CVE-2021-37365


JSON object : View

Products Affected

ctparental_project

  • ctparental
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')