Unfiltered Special Characters in Tad Book3 Editing Function Enable Remote XSS Attacks

CVE-2021-41563 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The book-editing function in Tad Book3 does not filter special characters. Unauthenticated attackers can remotely inject JavaScript code and carry out stored XSS attacks.