Moderate severity · NVD Advisory · Published May 16, 2022 · Updated Sep 16, 2024
Improper Output Neutralization for Logs in Crafter Studio
CVE-2021-23266
Description
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.craftercms:craftercms (Maven) | >= 3.1.0, < 3.1.18 | 3.1.18 |
Affected products
- Range: 3.1
References
- github.com/advisories/GHSA-545f-pgp7-fwjf (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-23266 (ghsa, ADVISORY)
- docs.craftercms.org/en/3.1/security/advisory.html (ghsa, x_refsource_MISC, WEB)