PT-2021-10608 · Zrlog · Zrlog

T-Podo · Published 2021-06-15 · Updated 2021-06-22 · CVE-2020-21316

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: ZrLog version 2.1.3
Description: A cross-site scripting (XSS) vulnerability exists in the comment section. The nickname parameter is not sanitized before it is rendered, so remote attackers can inject arbitrary web script and steal administrator cookies, gaining access to the admin panel.
Recommendations: For ZrLog version 2.1.3, consider disabling the comment section or restricting access to it until a patch is available, to prevent exploitation of the XSS vulnerability. Avoid using the nickname parameter in the comment section until the issue is resolved.
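The flaw described above is a classic stored XSS: a user-supplied field (here the comment nickname) is written into an HTML page without output encoding, and the injected script runs in the administrator's browser. The following is an added example, not ZrLog's own code, showing the defensive pattern the advisory implies: HTML-escape every untrusted field at render time and mark the admin session cookie HttpOnly so that a script which does get past the filter cannot read it. All function names, the `Comment` type and the sample nickname are constructed for the example.

```python
import html
from dataclasses import dataclass


@dataclass
class Comment:
    """A blog comment as stored in the database (hypothetical shape)."""
    nickname: str
    body: str


def render_comment_unsafe(c: Comment) -> str:
    """Vulnerable pattern: raw string interpolation of untrusted input.

    Whatever the visitor typed as a nickname lands verbatim in the page and
    is interpreted as markup by the admin's browser.
    """
    return f'<div class="comment"><b>{c.nickname}</b>: {c.body}</div>'


def render_comment_safe(c: Comment) -> str:
    """Hardened pattern: escape every untrusted field at the output boundary.

    html.escape(quote=True) converts <, >, &, " and ' to entities, so the
    nickname is displayed as text and can never start a tag or attribute.
    """
    nick = html.escape(c.nickname, quote=True)
    body = html.escape(c.body, quote=True)
    return f'<div class="comment"><b>{nick}</b>: {body}</div>'


def contains_raw_markup(rendered: str, untrusted: str) -> bool:
    """Detection helper for tests: True if any angle bracket from the
    untrusted input survived into the rendered output unescaped."""
    return ("<" in untrusted or ">" in untrusted) and untrusted in rendered


def admin_session_cookie(session_id: str) -> str:
    """Set-Cookie header for the admin session.

    HttpOnly keeps document.cookie from exposing the value to injected
    script (the cookie-theft impact in the advisory); Secure and SameSite
    reduce exposure over plaintext and cross-site requests.
    """
    return (
        f"zrlog_admin_session={session_id}; Path=/admin; "
        "HttpOnly; Secure; SameSite=Lax"
    )


if __name__ == "__main__":
    # Constructed sample: a nickname carrying a script tag.
    sample = Comment(nickname='<script>alert(1)</script>', body="Nice post")
    print(render_comment_unsafe(sample))   # tag survives: vulnerable
    print(render_comment_safe(sample))     # tag is shown as text: safe
    print(admin_session_cookie("example-session-id"))
```

In a real deployment the escaping belongs in the template engine's auto-escape setting rather than in hand-written calls, and the cookie flags belong in the servlet container or framework configuration; the functions above only make the two controls visible side by side.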

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2020-21316

Affected Products

Zrlog