Home > Vulnerability Database > CVE-2021-41236

Mend.io Vulnerability Database

CVE-2021-41236

Date: January 4, 2022

OroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.

Language: PHP

Severity Score

6.9

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41236

Url: https://github.com/oroinc/platform/commit/2a089c971fc70bc63baf8770d29ee515ce5a415a

Url: https://github.com/oroinc/platform

Url: https://github.com/oroinc/platform/security/advisories/GHSA-qv7g-j98v-8pp7

Url: https://www.mend.io/vulnerability-database/CVE-2021-41236

Severity Score

6.9

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41236

Date: January 4, 2022

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?