An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
CPE | Name | Operator | Version |
---|---|---|---|
craftercms | eq | 3.1.17 | |
craftercms | eq | 3.1.1 | |
craftercms | eq | 3.1.12 | |
craftercms | eq | 3.1.16 | |
craftercms | eq | 3.1.5 | |
craftercms | eq | 3.1.10 | |
craftercms | eq | 3.1.0 | |
craftercms | eq | 3.1.4 | |
craftercms | eq | 3.1.9 | |
craftercms | eq | 3.1.11 |