CVE-2021-37365
- EPSS 0.22%
- Veröffentlicht 10.08.2021 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:15:00
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, en...
CVE-2021-37366
- EPSS 0.14%
- Veröffentlicht 10.08.2021 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:15:01
CTparental before 4.45.03 is vulnerable to cross-site request forgery (CSRF) in the CTparental admin panel. By combining CSRF with XSS, an attacker can trick the administrator into clicking a link that cancels the filtering for all standard users.
CVE-2021-37367
- EPSS 0.12%
- Veröffentlicht 10.08.2021 17:15:10
- Zuletzt bearbeitet 21.11.2024 06:15:01
CTparental before 4.45.07 is affected by a code execution vulnerability in the CTparental admin panel. Because The file "bl_categories_help.php" is vulnerable to directory traversal, an attacker can create a file that contains scripts and run arbitra...