CVE-2021-41236
MEDIUM6.9EPSS 0.50%XSS vulnerability on email template preview page
發布日:2022/1/6修改日:2026/3/13
描述
### Summary Email template preview is vulnerable to XSS payload added to email template content. The attacker should have permission to create or edit an email template. For successful payload, execution attacked user should preview a vulnerable email template. ### Workarounds There are no workarounds that address this vulnerability.
受影響套件(1)
- Packagist/oro/platform>= 3.1.0, < 3.1.21
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.9 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N |