CVE-2021-43686

Name of the Vulnerable Software and Affected Versions: nZEDb version 0.4.20

Description: The issue is related to a Cross Site Scripting (XSS) vulnerability in the www/pages/api.php file. The exit function terminates the script and prints a message that includes the input from $ GET['t']. This allows for potential XSS attacks by manipulating the $ GET['t'] variable.

Recommendations: For nZEDb version 0.4.20, consider restricting access to the www/pages/api.php file until a patch is available. As a temporary workaround, avoid using the $ GET['t'] variable in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.