CVE-2021-23260

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-23260
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23260.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-23260
Published
2021-12-02T16:15:07.563Z
Modified
2026-03-14T01:43:51.912990Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

References

Affected packages

Git / github.com/craftercms/craftercms

Affected ranges

Type
GIT
Repo
https://github.com/craftercms/craftercms
Events
Introduced
8b4368c37a3ccdddbd37c1dd915d8352b3c6f1ef
Fixed
2cb0bd34e685080060906d7d83a5d16b9f303a49
Database specific 
{
    "versions": [
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.12"
        }
    ]
}

Affected versions

v3.*
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23260.json"