CVE-2021-27902

Cross-site Scripting in packagist/craftcms/cms

Identifier

CVE-2021-27902

Package Slug

packagist/craftcms/cms

Vulnerability

Cross-site Scripting

Description

An issue was discovered in Craft CMS. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.

Affected Versions

All versions before 3.6.0

Solution

Upgrade to version 3.6.0 or above.

Last Modified

2021-07-08

source