2021-08-10 15:15:02
mitre
PUBLISHED
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the categories variable is assigned with the content of the query string param cat without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.