CVE-2021-23266 MEDIUM

CVE-2021-23266: Improper Output Neutralization for Logs in Crafter Studio

Vendor Crafter Software
Product Crafter CMS
Weakness CWE-117
Published May 16, 2022
Last update September 16, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
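A sketch of the CWE-117 mitigation for the case described above, where request-derived text is written to a log that an administrator later reads. This is an added example, not Crafter CMS code or the vendor's fix. The function names, the log message format, the length cap and the sample path are assumptions made for illustration.

```python
import re

# Control characters and Unicode line separators that a log viewer may treat
# as a line break or use to hide text.
_UNSAFE = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")
MAX_LEN = 200  # assumed cap on untrusted text per entry


def neutralize(value: str) -> str:
    """Return value escaped so it can only occupy part of one log line."""
    # Escape the escape character and the quote first so output is unambiguous.
    value = value.replace("\\", "\\\\").replace('"', '\\"')
    value = _UNSAFE.sub(lambda m: "\\u%04x" % ord(m.group()), value)
    if len(value) > MAX_LEN:
        value = value[:MAX_LEN] + "...[truncated]"
    return value


def entry_raw(path: str) -> str:
    """Weak pattern: request-derived text concatenated into the entry as is."""
    return "WARN  content not found: " + path


def entry_safe(path: str) -> str:
    """Hardened pattern: untrusted text is quoted and neutralized."""
    return 'WARN  content not found: "%s"' % neutralize(path)


def rendered_lines(entry: str) -> int:
    """Number of lines a line-oriented viewer would show for this entry."""
    return len(entry.splitlines())


# Constructed sample: a URL path after percent-decoding, carrying a line break.
SAMPLE = "/static/missing.png\nINFO  constructed text posing as a separate entry"

if __name__ == "__main__":
    for build in (entry_raw, entry_safe):
        out = build(SAMPLE)
        print(build.__name__, "->", rendered_lines(out), "line(s)")
        print(out)
```

With the hardened form, everything the requester supplied stays inside the quotes of a single entry, so a reader of the log can tell it apart from text the application wrote.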

Key dates

02 Disclosure timeline

May 16, 2022 CVE published
September 16, 2024 Record updated