Vulnerability Database

Published: Dec 2, 2021
Updated: Nov 16, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23260" target="_blank" rel="noopener"> CVE-2021-23260
Severity: Medium
Exploit:

309,237

Total vulnerabilities in the database

Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.

CVSS v3:

CVSS v2:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
craftercms / crafter_cms	3.1.0	3.1.12

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.