CVE-2021-41565
6.1 MEDIUM
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript ...
Published: 2021-10-08 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 6.1 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE: CWE-79
Affected products
| Vendor | Product |
|---|---|
| tadtools_project | tadtools |
Description
TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.
Source: NVD
Related CVEs
Same vendor
- CVE-2021-41975 — TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the specific parameter to delete arbitrary fil... (7.5 HIGH)
- CVE-2021-41566 — The file extension of the TadTools file upload function fails to filter, thus remote attackers can upload any types of files and execute ... (9.8 CRITICAL)
Same CWE
- CVE-2026-12425 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access ...
- CVE-2024-30476 — PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager (5.4 MEDIUM)
- CVE-2026-54198 — Unauthenticated Cross Site Scripting (XSS) in Media Library Assistant <= 3.35 versions (7.1 HIGH)
- CVE-2026-54191 — Unauthenticated Cross Site Scripting (XSS) in Pods <= 3.3.8 versions (7.1 HIGH)
- CVE-2026-39437 — Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions (7.1 HIGH)