First published: Thu Dec 02 2021(Updated: )
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Nzedb Project Nzedb | =0.4.20 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-43686 is a Cross Site Scripting (XSS) vulnerability found in nZEDb v0.4.20.
CVE-2021-43686 affects nZEDb by allowing an attacker to execute malicious scripts on the affected website.
CVE-2021-43686 has a severity level of medium.
To fix CVE-2021-43686, it is recommended to update your nZEDb installation to a version that is not affected by the vulnerability.
More information about CVE-2021-43686 can be found at the following reference: https://github.com/nZEDb/nZEDb/issues/2659