Share:

CVE-2021-23260 - Craftercms Crafter CMS

December 2, 2021

Moderate 5.4

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

Affected software

Craftercms Crafter CMS

Reference links

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2021120103

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.