Moderate severityNVD Advisory· Published May 16, 2022· Updated Sep 16, 2024
Improper Output Neutralization for Logs in Crafter Studio
CVE-2021-23266
Description
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.craftercms:craftercmsMaven | >= 3.1.0, < 3.1.18 | 3.1.18 |
Affected products
2- Range: 3.1
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-545f-pgp7-fwjfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23266ghsaADVISORY
- docs.craftercms.org/en/3.1/security/advisory.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.