CVE-2021-3312

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-3312
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3312.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3312
Aliases
Published
2021-10-08T15:15:09.217Z
Modified
2026-04-10T04:33:31.248154Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

References

Affected packages

Git / github.com/alkacon/opencms-core

Affected ranges

Type
GIT
Repo
https://github.com/alkacon/opencms-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
bc104acc75d2277df5864da939a1f2de5fdee504
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
c68770ae1790f9be20dd9d5b82653927b4141ca2
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
111fa04876f65f4cccd35e4086a3cbd26ab930f8
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0-NA"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.1"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "11.0.2"
        }
    ]
}

Affected versions

Other
build_10_0_0
build_10_0_0_alpha_1
build_10_0_0_alpha_1u
build_10_0_0_alpha_2
build_10_0_0_beta
build_10_0_0_beta3
build_10_0_0_beta4
build_10_0_0_beta_2
build_10_5_0
build_10_5_0_1
build_10_5_0_2
build_10_5_0_3
build_10_5_0_beta
build_10_5_x_cmsdays
build_11_0_0
build_11_0_0_beta
build_11_0_0_beta_2
build_11_0_0_rc
build_11_0_1
build_11_0_2
build_4_7_10
build_4_7_11
build_4_7_12
build_4_7_13
build_4_7_14
build_4_7_6
build_4_7_8
build_4_7_9
build_5_0_0
build_5_0_0_beta_1
build_5_0_0_beta_2
build_5_0_0_rc_1
build_5_0_0_rc_2
build_5_1_0
build_5_1_1
build_5_1_10
build_5_1_11
build_5_1_12
build_5_1_3
build_5_1_4
build_5_1_5
build_5_1_6
build_5_1_7
build_5_1_8
build_5_1_9
build_5_3_1
build_5_3_3
build_5_3_4
build_5_3_5
build_5_3_6
build_5_5_1
build_5_5_2
build_5_5_3
build_5_5_4
build_5_7_1
build_5_7_2
build_5_7_3
build_5_9_1
build_5_9_2
build_6_0_0
build_6_0_1
build_6_0_2
build_6_0_3
build_6_0_4
build_6_0_5
build_6_1_13
build_6_2_0
build_6_2_1
build_6_2_2
build_6_2_3
build_7_0_0
build_7_0_1
build_7_0_2
build_7_0_4
build_7_3_0
build_7_5_0_beta_1
build_7_9_2
build_8_0_0
build_8_0_1
build_8_0_2
build_8_0_2_1
build_8_0_3
build_8_5_0
build_8_5_1
build_8_7_0
build_8_9_0
build_9_0_0
build_9_0_0_1
build_9_5_0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3312.json"