Vulnerability Database

309,136

Total vulnerabilities in the database

CVE-2020-21316

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.

Published: Jun 15, 2021
Updated: Nov 16, 2025
CVE: CVE-2020-21316
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
zrlog / zrlog	2.1.3	2.1.3.x

https://gist.github.com/T-pod/d9405dbd61243990d65d55c5df0fcbe6
https://github.com/94fzb/zrlog/commit/b921c1ae03b8290f438657803eee05226755c941
https://github.com/94fzb/zrlog/issues/56

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo