
CVE-2021-41236 oro/platform

Package

Manager: composer
Name: oro/platform
Vulnerable Version: >=3.1.0 <3.1.21 || >=4.1.0 <4.1.14 || >=4.2.0 <4.2.8

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N

EPSS: 0.005 (percentile: 0.64926)

Details

XSS vulnerability on email template preview page

### Summary

The email template preview is vulnerable to an XSS payload added to email template content. The attacker must have permission to create or edit an email template. For successful payload execution, the attacked user must preview a vulnerable email template.

### Workarounds

There are no workarounds that address this vulnerability.

Metadata

Created: 2022-01-06T18:34:35Z
Modified: 2022-01-04T17:51:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-qv7g-j98v-8pp7/GHSA-qv7g-j98v-8pp7.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-qv7g-j98v-8pp7
Finding: F425
Auto approve: 1