CVE-2021-41236, GHSA-qv7g-j98v-8pp7
packagist/oro/platform
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
OroPlatform is a PHP Business Application Platform. An attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as possible.
All versions starting from 3.1.0 before 3.1.21, all versions starting from 4.1.0 before 4.1.14, all versions starting from 4.2.0 before 4.2.8
Upgrade to versions 4.0.0, 4.2.8 or above.
2022-01-10