CVE-2020-21228: XSS
First published: Fri Oct 01 2021(Updated: )
JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jizhicms Jizhicms | =1.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-21228?
CVE-2020-21228 is a cross-site scripting (XSS) vulnerability in JIZHICMS 1.5.1.
How severe is CVE-2020-21228?
CVE-2020-21228 has a severity rating of 6.1 (Medium).
What software version is affected by CVE-2020-21228?
CVE-2020-21228 affects JIZHICMS version 1.5.1.
How can an attacker exploit CVE-2020-21228?
An attacker can exploit CVE-2020-21228 by adding an administrator cookie using a cross-site scripting (XSS) vulnerability in the /user/release.html component of JIZHICMS.
Are there any references for CVE-2020-21228?
Yes, you can find more information about CVE-2020-21228 at the following links: [http://jizhicms.com](http://jizhicms.com), [https://github.com/Cherry-toto/jizhicms](https://github.com/Cherry-toto/jizhicms), [https://github.com/Cherry-toto/jizhicms/issues/16](https://github.com/Cherry-toto/jizhicms/issues/16).
- collector/nvd-index
- agent/type
- vendor/jizhicms
- canonical/jizhicms jizhicms
- version/jizhicms jizhicms/1.5.1