First published: Thu Dec 02 2021(Updated: )
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
taogogo taoCMS | =2.5-beta5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-25785 is a cross-site scripting (XSS) vulnerability found in Taocms v2.5Beta5.
CVE-2021-25785 allows attackers to execute malicious scripts in the user's browser, potentially leading to data theft, session hijacking, and other attacks.
To fix the XSS vulnerability, you should update Taocms to a version that includes a security patch or upgrade to a newer, more secure version.
There is currently no known workaround for CVE-2021-25785 in Taocms v2.5Beta5. It is recommended to apply the necessary security updates or upgrade to a patched version.
You can find more information about CVE-2021-25785 on the Taocms GitHub page: https://github.com/taogogo/taocms/issues/3