Cross Site Scripting in CraftCMS
Reported a stored cross-site scripting vulnerability in CraftCMS that was assigned CVE-2021-27902. The issue arose from an unrestricted file upload feature, where HTML files were allowed by default.
Reported a stored cross-site scripting vulnerability in CraftCMS that was assigned CVE-2021-27902. The issue arose from an unrestricted file upload feature, where HTML files were allowed by default.