Cross Site Scripting Vulnerability in ThinkPHP Bjyblog by Baijunyao
CVE-2021-43682
6.1MEDIUM
What is CVE-2021-43682?
ThinkPHP Bjyblog, maintained by Baijunyao, features an XSS vulnerability located in the AdminBaseController.class.php file. This flaw arises from improper handling of output, where user-supplied data can be injected into the response generated by the exit function, potentially allowing attackers to execute malicious scripts in the context of an authenticated user's session.
