XSS Vulnerability: File Name Injection Allows Script Execution for Authenticated Users

XSS Vulnerability: File Name Injection Allows Script Execution for Authenticated Users

CVE-2021-23260 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

Learn more about our User Device Pen Test.