Lucene search
GoogleOSV:CVE-2021-23266HistoryMay 16, 2022 - 5:15 p.m.
CVE-2021-23266
2022-05-1617:15:09
Google
osv.dev
4
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftercms | eq | 3.1.17 | |
| craftercms | eq | 3.1.1 | |
| craftercms | eq | 3.1.12 | |
| craftercms | eq | 3.1.16 | |
| craftercms | eq | 3.1.5 | |
| craftercms | eq | 3.1.10 | |
| craftercms | eq | 3.1.0 | |
| craftercms | eq | 3.1.4 | |
| craftercms | eq | 3.1.9 | |
| craftercms | eq | 3.1.11 |
Related
cvelist
cvelist
CVE-2021-23266 Improper Output Neutralization for Logs in Crafter Studio
2022-05-16 00:00:00
prion
prion
Code injection
2022-05-16 17:15:00
nvd
nvd
CVE-2021-23266
2022-05-16 17:15:09
github
github
Log value insertion in craftercms
2022-05-17 00:00:33
cve
cve
CVE-2021-23266
2022-05-16 17:15:09
osv
osv
Log value insertion in craftercms
2022-05-17 00:00:33