CVE-2021-23266

Summary

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

Affected Software

VendorProductVersion RangeStatus
Crafter SoftwareCrafter CMS3.1 <= 3.1.17affected

Weaknesses

  • CWE-117: CWE-117 Improper Output Neutralization for Logs

ADP Enrichment

CVE Program Container

Additional References

References