CVE-2021-3312

Source
https://cve.org/CVERecord?id=CVE-2021-3312
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3312.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-3312
Aliases
Published
2021-10-08T15:15:09.217Z
Modified
2026-07-09T01:06:54.668284Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

References

Affected packages

Git / github.com/alkacon/opencms-core

Affected ranges

Type
GIT
Repo
https://github.com/alkacon/opencms-core
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:alkacon:opencms:11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:alkacon:opencms:11.0.1:*:*:*:*:*:*:*",
        "cpe:2.3:a:alkacon:opencms:11.0.2:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "11.0-NA"
        },
        {
            "last_affected": "11.0-NA"
        },
        {
            "introduced": "11.0.1"
        },
        {
            "last_affected": "11.0.1"
        },
        {
            "introduced": "11.0.2"
        },
        {
            "last_affected": "11.0.2"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

11.*
11.0-NA
11.0.1
11.0.2
Other
build_11_0_0
build_11_0_1
build_11_0_2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3312.json"