{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "3.0.0"
              },
              {
                "fixed": "3.0.2"
              },
              {
                "introduced": "3.1.0"
              },
              {
                "fixed": "3.1.4"
              },
              {
                "introduced": "4.0.0"
              },
              {
                "fixed": "4.0.7"
              },
              {
                "introduced": "4.1.0"
              },
              {
                "fixed": "4.1.2"
              },
              {
                "introduced": "4.2.0"
              },
              {
                "fixed": "4.2.4"
              },
              {
                "introduced": "4.3.0"
              },
              {
                "fixed": "4.3.3"
              },
              {
                "introduced": "4.4.0"
              },
              {
                "fixed": "4.4.3"
              },
              {
                "introduced": "4.5.0"
              },
              {
                "fixed": "4.5.1"
              },
              {
                "introduced": "4.6.0"
              },
              {
                "fixed": "4.6.4"
              }
            ]
          },
          "events": [
            {
              "introduced": "0f5928c925db4174fdd3743deaf3a1a55962b6b8"
            },
            {
              "fixed": "95b26a10aaaa7ffcf7b2e841ce42223638b6b457"
            },
            {
              "introduced": "36aa4c1421433614bfae75ccadaeff9732a9f55e"
            },
            {
              "fixed": "fa720e7d44a2454fdd97b72901a2878993a4fe8d"
            },
            {
              "introduced": "cfdbb256dc84fc97e55a030d71f73ab4942c5b03"
            },
            {
              "fixed": "1fe21e59cd6d90d27c8e1668327faf4939cce6f1"
            },
            {
              "introduced": "216d7bf2caabd6e0ab718931f1b612f55bafe3a5"
            },
            {
              "fixed": "de5f55a1ef716798d100a20252cbbe5e740dc235"
            },
            {
              "introduced": "4c71cb9d6065ab421bf2bc71bd9f445cc92a921d"
            },
            {
              "fixed": "d962f7b25dfc63230ee91e51880d50c530d24c57"
            },
            {
              "introduced": "ce4e395b7bc031f1c52c1d4efb0d755f0dad28f9"
            },
            {
              "fixed": "6157a90c580028368069f60ae862806fa80447de"
            },
            {
              "introduced": "6a2b99c6c37b8b678c71c4de0f7098342ec50bb3"
            },
            {
              "fixed": "cdedfdd547538529c98c4eee536a04d13916d6ec"
            },
            {
              "introduced": "626804f02a0060c6182bd5b5509cc4ad058fc813"
            },
            {
              "fixed": "e8bf505335becfb799efeaeeb60353b4013d54b3"
            },
            {
              "introduced": "465fc08ba4da7435e97ec6ecbf5060b407672f61"
            },
            {
              "fixed": "ffcee0591542da3c07dcaa62989b92039a59350f"
            }
          ],
          "repo": "https://github.com/symbiote/silverstripe-queuedjobs",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "A vulnerability has been identified in the Silverstripe CMS 3 and 4 version of the symbiote/silverstripe-queuedjobs module. A Cross Site Scripting vulnerability allows an attacker to inject an arbitrary payload in the CreateQueuedJobTask dev task via a specially crafted URL.",
  "id": "CVE-2021-27938",
  "modified": "2026-04-01T23:08:39.724742828Z",
  "published": "2021-03-16T16:15:14.333Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/symbiote/silverstripe-queuedjobs/releases"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.silverstripe.org/download/security-releases/cve-2021-27938"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}