Cross Site Scripting (XSS) vulnerability in engineercms 1.03 allows execution of arbitrary JavaScript code in user's browser
CVE-2021-36605 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.
Learn more about our Api Penetration Testing.