CVE-2021-23266
EUVD-2022-249116.05.2022, 17:15
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| craftercms | crafter_cms | 3.1 ≤ 𝑥 < 3.1.18 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-117 - Improper Output Neutralization for LogsThe software does not neutralize or incorrectly neutralizes output that is written to logs.
- CWE-116 - Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.