Home > Vulnerability Database > CVE-2020-21316

Mend.io Vulnerability Database

CVE-2020-21316

Date: June 15, 2021

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

Language: Java

Severity Score

6.1

Related Resources (5)

Url: https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941

Url: https://github.com/94fzb/zrlog/issues/56

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-21316

Url: https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6

Url: https://www.mend.io/vulnerability-database/CVE-2020-21316

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-21316

Date: June 15, 2021

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?