Description
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
Remediation
References
https://github.com/94fzb/zrlog/issues/39
Related Vulnerabilities
CVE-2021-43807 Vulnerability in maven package org.opencastproject:opencast-common
CVE-2019-15953 Vulnerability in npm package total.js
CVE-2020-8131 Vulnerability in maven package org.webjars.npm:yarn
CVE-2021-35065 Vulnerability in maven package org.webjars.npm:glob-parent
CVE-2014-0074 Vulnerability in maven package org.apache.shiro:shiro-core