CVE-2021-41236
MEDIUM 6.9 | EPSS 0.50%
XSS vulnerability on email template preview page
Published: 1/6/2022
Modified: 3/13/2026
Description
### Summary
The email template preview is vulnerable to an XSS payload added to email template content. The attacker needs permission to create or edit an email template. For the payload to execute, the attacked user must preview the vulnerable email template.

### Workarounds
There are no workarounds that address this vulnerability.
Affected packages (1)
- Packagist/oro/platform: >= 3.1.0, < 3.1.21
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N |