CVE-2021-44912

Source
https://cve.org/CVERecord?id=CVE-2021-44912
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44912.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44912
Published
2022-02-09T16:15:14.300Z
Modified
2026-04-10T04:38:22.276909Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL.

References

Affected packages

Git / github.com/xpressengine/xe-core

Affected ranges

Type
GIT
Repo
https://github.com/xpressengine/xe-core
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.11.6"
        }
    ]
}

Affected versions

1.*
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.7.10
1.7.11
1.7.12
1.7.13
1.7.3.6
1.7.5.3
1.7.5.4
1.7.5.5
1.7.5.6
1.7.5.7
1.7.6
1.7.7
1.7.7.1
1.7.7.2
1.7.8
1.7.9
1.8.0
1.8.1
1.8.10
1.8.11
1.8.12
1.8.13
1.8.14
1.8.15
1.8.16
1.8.17
1.8.19
1.8.2
1.8.20
1.8.21
1.8.22
1.8.23
1.8.24
1.8.25
1.8.26
1.8.27
1.8.28
1.8.29
1.8.3
1.8.30
1.8.31
1.8.32
1.8.33
1.8.34
1.8.35
1.8.36
1.8.37
1.8.38
1.8.39
1.8.4
1.8.40
1.8.41
1.8.42
1.8.43
1.8.44
1.8.45
1.8.46
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.9.0
1.9.1
1.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44912.json"