Description
An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/ pathname.
Remediation
References
https://github.com/94fzb/zrlog/issues/39
Related Vulnerabilities
CVE-2010-4172 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-25354 Vulnerability in npm package set-in
CVE-2017-1000043 Vulnerability in npm package mapbox.js
CVE-2020-8137 Vulnerability in npm package uppy
CVE-2011-3190 Vulnerability in maven package org.apache.tomcat:coyote