Base Score

MEDIUM4.3

CVE-2021-23266

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.

VectorNETWORK

Published Bysecurity@craftersoftware.com

Published DateMay 16, 2022, 17:15

Affected Versions(1)

org.craftercms:craftercms(Maven)

Introduced3.1.0

Fixed3.1.18

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.craftercms:craftercms(Maven)	3.1.0	3.1.18	N/A

Weakness Type (CWE):CWE-116

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE

References

https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602

Base Score

MEDIUM4.3

Weakness Type (CWE):CWE-116

CVSS Metrics

Base Score

4.3

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Base Severity

MEDIUM

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

LOW

Availability (A)

NONE