Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-29
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
CVSS Score
5.7
EPSS Score
0.002
Published
2020-08-25