CVE-2021-41565

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
References
Link Resource
https://www.twcert.org.tw/tw/cp-132-5169-327ef-1.html Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:tadtools_project:tadtools:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-10-08 16:15

Updated : 2024-02-28 18:48


NVD link : CVE-2021-41565

Mitre link : CVE-2021-41565

CVE.ORG link : CVE-2021-41565


JSON object : View

Products Affected

tadtools_project

  • tadtools
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')