Vulnerability Details CVE-2021-23260
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 3.5
References
Products affected by CVE-2021-23260
-
cpe:2.3:a:craftercms:crafter_cms:3.1.0
-
cpe:2.3:a:craftercms:crafter_cms:3.1.1
-
cpe:2.3:a:craftercms:crafter_cms:3.1.10
-
cpe:2.3:a:craftercms:crafter_cms:3.1.11
-
cpe:2.3:a:craftercms:crafter_cms:3.1.2
-
cpe:2.3:a:craftercms:crafter_cms:3.1.3
-
cpe:2.3:a:craftercms:crafter_cms:3.1.4
-
cpe:2.3:a:craftercms:crafter_cms:3.1.5
-
cpe:2.3:a:craftercms:crafter_cms:3.1.6
-
cpe:2.3:a:craftercms:crafter_cms:3.1.7
-
cpe:2.3:a:craftercms:crafter_cms:3.1.8
-
cpe:2.3:a:craftercms:crafter_cms:3.1.9