CVE-2021-23266
Description
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Risk Information
Base Score
4.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.243
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-23265,CVE-2021-23266 are fixed in CrafterCMS-craftercms 3.1.18 | Windows |
| Vulnerabilities CVE-2021-23265,CVE-2021-23266 are fixed in CrafterCMS-craftercms for Linux 3.1.18 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234