Description
An anonymous user can craft a URL with text that ends up in the log viewer as is. The text can then include textual messages to mislead the administrator.
Remediation
References
https://docs.craftercms.org/en/3.1/security/advisory.html#cv-2022051602
Related Vulnerabilities
CVE-2013-4517 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2020-8203 Vulnerability in maven package org.fujion.webjars:lodash
CVE-2020-2210 Vulnerability in maven package org.jenkins-ci.plugins:stashbranchparameter
CVE-2018-1309 Vulnerability in maven package org.apache.nifi:nifi-standard-processors
CVE-2022-36910 Vulnerability in maven package org.jenkins-ci.plugins:lucene-search