Unrated severityNVD Advisory· Published Dec 2, 2021· Updated Sep 16, 2024
Stored XSS Vulnerability in File Name of the File Upload function
CVE-2021-23260
Description
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: 3.1
Patches
Vulnerability mechanics
References
1- docs.craftercms.org/en/3.1/security/advisory.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.