CVE-2021-23266

MEDIUM4.3EPSS 0.24%

Log value insertion in craftercms

發布日:2022/5/17修改日:2023/11/8

描述

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

受影響套件(1)

Maven/org.craftercms:craftercms>= 3.1.0, < 3.1.18

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

參考連結(2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23266
WEBhttps://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602