CraftCMS Zero-day Chain: XSS to SSTI triggering RCE Public Disclosure of CVE-2021-27902 and CVE-2021-27903 July 29, 2021 ◦ 14 min ◦ Security #CraftCMS #XSS #SSTI #RCE #bug bounty #stored cross site scripting #server side template injection #remote code execution #CVE-2021-27902 #CVE-2021-27903