CVE-2021-41236

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-41236

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41236.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41236

Aliases

GHSA-qv7g-j98v-8pp7

Related

GHSA-qv7g-j98v-8pp7

Published

2022-01-04T19:15:14.763Z

Modified

2026-02-06T04:28:34.942608Z

Severity

4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.

References

Affected packages

Git / github.com/oroinc/platform

Affected ranges

Type: GIT
Repo: https://github.com/oroinc/platform
Events: Fixed

2a089c971fc70bc63baf8770d29ee515ce5a415a

Introduced

02bffd6c9c5cef5a16916b4c96cd4fab109fb999

Fixed

653f2a93749ff5719b55a40b1400594dbda230d2

Affected versions

4.*

4.2.0

4.2.1

4.2.2

4.2.3

4.2.4

4.2.5

4.2.6

4.2.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41236.json"