CVE-2020-21316

MEDIUM EPSS 62.1%
Published Jun 15, 2021 (5y ago) · Modified Jun 17, 2026 (2w ago)
6.1 CVSS 3.1
Medium

Description

A cross-site scripting (XSS) vulnerability exists in the comment section of ZrLog 2.1.3. It allows remote attackers to inject arbitrary web script via the nickname parameter, steal administrator cookies, and gain access to the admin panel.

CVSS Details

Base Score: 6.1
Exploitability: 2.8
Impact: 2.7
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: None

Threat Intelligence

EPSS Exploit Probability: 62.1% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

Vendor   Product   Version   Range
zrlog    zrlog     2.1.3     any

References 3

  • gist.github.com https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
    Patch, Third Party Advisory
  • github.com https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
    Patch, Third Party Advisory
  • github.com https://github.com/94fzb/zrlog/issues/56
    Patch, Third Party Advisory

Remediation

  • gist.github.com https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
    Patch, Third Party Advisory
  • github.com https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
    Patch, Third Party Advisory
  • github.com https://github.com/94fzb/zrlog/issues/56
    Patch, Third Party Advisory