Medium severity6.1NVD Advisory· Published Aug 10, 2021· Updated Jun 17, 2026
CVE-2021-37365
CVE-2021-37365
Description
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- CTparental/CTparentaldescription
- Range: <4.45.03
Patches
Vulnerability mechanics
References
1- gist.github.com/securylight/092ba96a660e07ad76f2a380c2eaa75anvdThird Party Advisory
News mentions
0No linked articles in our index yet.