Description
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Scores
CVSS v3
4.3
EPSS
0.0024
EPSS Percentile
47.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Details
CWE
CWE-116
CWE-117
Status
published
Products (2)
craftercms/crafter_cms
3.1 - 3.1.18
org.craftercms/craftercms
3.1.0 - 3.1.18Maven
Published
May 16, 2022
Tracked Since
Feb 18, 2026