Moderate severityNVD Advisory· Published Jun 8, 2021· Updated Aug 3, 2024
CVE-2021-32106
CVE-2021-32106
Description
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
icecoder/icecoderPackagist | < 8.1 | 8.1 |
Affected products
2- ICEcoder/ICEcoderdescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/advisories/GHSA-jf9v-q8vh-3fmcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-32106ghsaADVISORY
- github.com/icecoder/ICEcoder/commit/21d6ae0f2a3fce7d076ae430d48f5df56bd0f256ghsaWEB
- groups.google.com/g/icecoder/c/xcAc8_1UPxQghsax_refsource_MISCWEB
- prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scriptingghsaWEB
- prophaze.com/cve/icecoder-8-0-multipe-results-php-replace-cross-site-scripting/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.