go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Tad Book3 - Stored XSS

TVN ID TVN-202109028
CVE ID CVE-2021-41563
CVSS 6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products Tad Book3 <= v3.89
Description Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks.
Solution Update Tad Book3 version to 3.9
Credit Hsuan
Public Date 2021-10-08
Top