Unrated severityNVD Advisory· Published Dec 2, 2021· Updated Sep 16, 2024
Stored XSS Vulnerability in File Name of the File Upload function
CVE-2021-23260
Description
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Affected products
1- Range: 3.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- docs.craftercms.org/en/3.1/security/advisory.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.