CVE-2021-27902

Опубликовано: 30 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

Ссылки

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
Patch
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#360---2021-01-26
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#security-1
Release Notes
Third Party Advisory
https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия до 3.6.0 (исключая)

EPSS

Процентиль: 61%

0.00419

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-3jxh-789f-p7m6