CVE-2021-45919

Description

Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.

How to fix CVE-2021-45919

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Packagist/studio-42/elfinder—no fix listed

Is CVE-2021-45919 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, <= 2.1.31

CVSS scores

References (2)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-45919
• WEBwww.trustwave.com/en-us/resources/blogs/spiderlabs-blog/from-stored-xss-to-rce-using-beef-and-elfinder-cve-2021-45919