Lucene search
MitreCVELIST:CVE-2021-37392HistoryJul 26, 2021 - 5:03 p.m.
CVE-2021-37392
2021-07-2617:03:20
mitre
www.cve.org
0.001 Low
EPSS
Percentile
25.0%
In RPCMS v1.8 and below, the βnicknameβ variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS.
Related
cve
cve
CVE-2021-37392
2021-07-26 18:15:08
prion
prion
Cross site scripting
2021-07-26 18:15:00
nvd
nvd
CVE-2021-37392
2021-07-26 18:15:08
cnvd
cnvd
RPCMS Cross-Site Scripting Vulnerability (CNVD-2021-61418)
2021-07-30 00:00:00