CVE-2021-23266
4.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Crafter Software | Crafter CMS | 3.1 <= 3.1.17 | affected |
Weaknesses
- CWE-117: CWE-117 Improper Output Neutralization for Logs
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.