CVE-2021-37365

CVE-2021-37365

CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the ‘categories’ variable is assigned with the content of the query string param ‘cat’ without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.

Source: CVE-2021-37365

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다