go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

Tad TadTools - Reflected XSS

TVN ID TVN-202109030
CVE ID CVE-2021-41565
CVSS 6.1 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products Tad TadTools <= v3.2.1
Description TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
Solution Update TadTools version to 3.2.2
Credit Hsuan
Public Date 2021-10-08

Links

  1. CVE-2021-41565
Top