HTML Escaping Vulnerability in Foris Login Template for Turris OS by NIC
CVE-2021-3346

9.8 CRITICAL

Key Information:

Vendor: Nic

Status
Vendor
CVE Published: 29 January 2021

What is CVE-2021-3346?

Foris, as used in Turris OS, has insufficient HTML escaping in its login template. This can enable cross-site scripting (XSS) attacks, in which malicious code is executed in the user's browser. Without proper HTML escaping, user input can be injected into the webpage, potentially exposing sensitive information or compromising session security.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved