First published: Tue Mar 02 2021(Updated: )
ZendTo before 6.06-4 Beta allows XSS during the display of a drop-off in which a filename has unexpected characters.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Zend Zendto | <=6.05-4 | |
Zend Zendto | =6.06-1-beta | |
Zend Zendto | =6.06-2-beta | |
Zend Zendto | =6.06-3-beta |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-27888.
The severity of CVE-2021-27888 is medium.
The affected software versions for CVE-2021-27888 are ZendTo 6.05-4 beta, ZendTo 6.06-1 beta, ZendTo 6.06-2 beta, and ZendTo 6.06-3 beta.
CVE-2021-27888 is a vulnerability in ZendTo before 6.06-4 Beta that allows cross-site scripting (XSS) during the display of a drop-off when a filename has unexpected characters.
To fix CVE-2021-27888, it is recommended to upgrade to ZendTo version 6.06-4 Beta or later.