Описание
Comments plugin stored Cross-site Scripting (XSS) via an asset volume name
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
Пакеты
Наименование
verbb/comments
composer
Затронутые версииВерсия исправления
< 1.5.5
1.5.5
Связанные уязвимости
CVSS3: 5.4
nvd
больше 5 лет назад
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.