eval.blog

CVE-2021-27902

Jul 29, 2021

Cross Site Scripting in CraftCMS

Reported a stored cross-site scripting vulnerability in CraftCMS that was assigned CVE-2021-27902. The issue arose from an unrestricted file upload feature, where HTML files were allowed by default.

References

  • https://nvd.nist.gov/vuln/detail/CVE-2021-27902
  • https://eval.blog/research/craftcms-zero-day-ssti-xss-triggering-rce
  • https://github.com/craftcms/cms/commit/8ee85a8f03c143fa2420e7d6f311d95cae3b19ce

Copyright Vikrant Singh Chauhan © 2025