CVE-2021-41565 MEDIUM

CVE-2021-41565: Tad TadTools - Reflected XSS

Vendor Tad

Product TadTools

Weakness CWE-79 · XSS

Published October 8, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

6.1/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks.

Key dates

02Disclosure timeline

October 8, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-41565 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-7716 Real-time SEO for Drupal - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-091 CVE-2025-50019 WordPress Simple Sticky Footer plugin <= 1.3.5 - Cross Site Scripting (XSS) Vulnerability CVE-2024-35664 WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2022-2710 Scroll To Top < 1.4.1 - Admin+ Stored Cross-Site Scripting CVE-2024-5370 Kashipara College Management System submit_enroll_staff.php cross site scripting