Cross Site Scripting (XSS) vulnerability in engineercms 1.03 allows execution of arbitrary JavaScript code in user's browser

Cross Site Scripting (XSS) vulnerability in engineercms 1.03 allows execution of arbitrary JavaScript code in user's browser

CVE-2021-36605 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.

Learn more about our Api Penetration Testing.