TastyIgniter 3.0.7 allows XSS via the name field during user-account creation

Justin-1993/CVE-2021-38699

CVE-2021-38699 TastyIgniter 3.0.7 allows XSS via the name field during user-account creation.

A stored cross-site scripting (XSS) vulnerability exists in multiple pages of TastyIgniter v3.0.7 and allows arbitrary JavaScript execution. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699

Vulnerable Pages: /account, /reservation, /admin/dashboard, /admin/system_logs

Vulnerable Payloads:

"><script> alert(1) </script>

<script> alert(1) </script>

Found by Justin White and Matt Kiely | HuskyHacks, August 2021
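
The first payload closes an attribute value before opening the script element, while the second only works where the name is written as element text, so a fix has to encode the name in both output contexts. The following added example (not part of the original advisory or of TastyIgniter's code) is an output-encoding regression check for the two payloads; the two templates and their field names are hypothetical stand-ins for pages that echo the stored name.

```python
import html
from html.parser import HTMLParser

# The two payloads listed on this page for the name field.
PAYLOADS = ['"><script> alert(1) </script>', '<script> alert(1) </script>']

# Hypothetical templates (not TastyIgniter's): the stored name echoed in an
# attribute value (edit form) and in element text (dashboard or log row).
TEMPLATES = {
    "attribute": '<input type="text" name="first_name" value="{name}">',
    "text": '<td class="customer">{name}</td>',
}


class ScriptFinder(HTMLParser):
    """Counts <script> start tags an HTML parser sees in a fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.scripts += 1


def script_tags(fragment):
    finder = ScriptFinder()
    finder.feed(fragment)
    finder.close()
    return finder.scripts


def render(context, name, escape):
    # html.escape(quote=True) encodes & < > " ' which covers both contexts.
    value = html.escape(name, quote=True) if escape else name
    return TEMPLATES[context].format(name=value)


def audit(escape):
    """Return {(context, payload): script tag count} for every combination."""
    return {(ctx, p): script_tags(render(ctx, p, escape))
            for ctx in TEMPLATES for p in PAYLOADS}


if __name__ == "__main__":
    for escape in (False, True):
        for (ctx, p), n in audit(escape).items():
            print(f"escape={escape!s:5} {ctx:9} scripts={n} payload={p!r}")
```

Without encoding, the bare `<script>` payload stays inert inside the quoted attribute but becomes a script element in text context, and the `">` variant becomes one in both; with encoding, no combination yields a script element.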