CVE-2021-3313 Vulnerability Details

  /     /     /  

CVE-2021-3313 Metadata Quick Info

CVE Published: 20/05/2021 | CVE Updated: 03/08/2024 | CVE Year: 2021
Source: mitre | Vendor: n/a | Product: n/a
Status : PUBLISHED

CVE-2021-3313 Description

Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user\'s input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim\'s browser if the victim opens a vulnerable page containing an XSS payload.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: n/a
Source: n/a

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: