Vulnerability Description
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ctparental Project | Ctparental | < 4.45.03 |
Related Weaknesses (CWE)
References
- https://gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75aThird Party Advisory
- https://gitlab.com/marsat/CTparental/Third Party Advisory
- https://gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75aThird Party Advisory
- https://gitlab.com/marsat/CTparental/Third Party Advisory
FAQ
What is CVE-2021-37365?
CVE-2021-37365 is a vulnerability with a CVSS score of 6.1 (MEDIUM). CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query strin...
How severe is CVE-2021-37365?
CVE-2021-37365 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37365?
Check the references section above for vendor advisories and patch information. Affected products include: Ctparental Project Ctparental.