First published: Wed Jun 30 2021(Updated: )
An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/craftcms/cms | <3.6.0 | 3.6.0 |
Craftcms Craft Cms | <3.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2021-27902.
The severity of CVE-2021-27902 is medium with a CVSS score of 6.1.
The affected software version of CVE-2021-27902 is Craft CMS before version 3.6.0.
CVE-2021-27902 is a cross-site scripting (XSS) vulnerability.
To fix CVE-2021-27902, upgrade to Craft CMS version 3.6.0 or later.