Vulnerability Details CVE-2021-36605
engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-36605
-
cpe:2.3:a:engineercms_project:engineercms:1.03