Medium severity5.4NVD Advisory· Published Feb 9, 2021· Updated Jun 17, 2026
CVE-2021-26549
CVE-2021-26549
Description
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- SmartFoxServer/SmartFoxServerdescription
- Range: = 2.17.0
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/161335/SmartFoxServer-2X-2.17.0-God-Mode-Console-WebSocket-Cross-Site-Scripting.htmlnvdExploitThird Party AdvisoryVDB Entry
- www.zeroscience.mk/en/vulnerabilities/nvdExploitThird Party Advisory
- www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5626.phpnvdExploitThird Party Advisory
- www.smartfoxserver.comnvdProduct
News mentions
0No linked articles in our index yet.