Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
CPE | Name | Operator | Version |
---|---|---|---|
craftercms | eq | 3.1.7 | |
craftercms | eq | 3.1.11 | |
craftercms | eq | 3.1.5 | |
craftercms | eq | 3.1.4 | |
craftercms | eq | 3.1.10 | |
craftercms | eq | 3.1.9 | |
craftercms | eq | 3.1.0 | |
craftercms | eq | 3.1.6 | |
craftercms | eq | 3.1.8 | |
craftercms | eq | 3.1.1 |