Cross-site Scripting (XSS) Vulnerability in ZrLog 2.1.3 Comment Section Allows Remote Code Injection and Admin Panel Access

CVE-2020-21316 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

Learn more about our Web App Pen Testing.