MEDIUM
CMDBuild
CVE published 2026-05-10
CVE-2021-47925
CVE-2021-47925 describes multiple stored cross-site scripting vulnerabilities in CMDBuild 3.3.2. According to the supplied record, an authenticated attacker can inject arbitrary web script or HTML through crafted input in card creation and file upload endpoints, including Employee card parameters and SVG file attachments in the classes endpoint. The payloads execute when other users view the affected reco [truncated]