Description
A cross-site scripting (XSS) vulnerability exists in the comment section of ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script via the nickname parameter, steal administrator cookies, and gain access to the admin panel.
References (3)
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/94fzb/zrlog/issues/56
Patch, Third Party Advisory x_refsource_misc
https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
Patch, Third Party Advisory x_refsource_misc
https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
Scores
CVSS v3
6.1
EPSS
0.0086
EPSS Percentile
75.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
zrlog/zrlog
2.1.3
Published
Jun 15, 2021
Tracked Since
Feb 18, 2026