CVE-2021-23260

Summary

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 < 3.1.12affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References