PT-2022-9387 · Crafter+3 · Crafter Cms+1

Faizan Wani

Published

2022-05-16

Updated

2022-05-25

CVE-2021-23266

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions No specific software or versions are mentioned in the provided descriptions.

Description An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Encoding or Escaping of Output

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-116CWE-117

Related Identifiers

CVE-2021-23266

GHSA-545F-PGP7-FWJF

Affected Products

Crafter Cms

Org.Craftercms:Craftercms

PT-2022-9387 · Crafter+3 · Crafter Cms+1

CVE-2021-23266

Weakness Enumeration

Related Identifiers

Affected Products

References · 6