2 matches found
CVE-2021-37211 Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS
The bulletin function of Flygo does not filter special characters while a new announcement is added. Remoter attackers can use the vulnerability with general user’s credential to inject JavaScript and execute stored XSS attacks...
CVE-2021-37211
The CVE-2021-37211 entry concerns Flygo's bulletin/announcements feature that fails to filter special characters when adding a new announcement, enabling a stored XSS via input submitted with a general user credential. Attackers could inject JavaScript through the announcements field, leading to ...