exploitDog

CVE-2021-23260

Опубликовано: 02 дек. 2021

Источник: nvd

CVSS3: 6.5

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

Ссылки

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120103
Vendor Advisory
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120103
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftercms:crafter_cms:*:*:*:*:*:*:*:*

Версия от 3.1.0 (включая) до 3.1.12 (исключая)

EPSS

Процентиль: 64%

0.00476

Низкий

6.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-h94f-223c-f5mw

github

около 4 лет назад

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

EPSS

Процентиль: 64%

0.00476

Низкий

6.5 Medium

CVSS3

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

CWE-79