Описание
Stored cross site scripting in Craft CMS
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. This issue was patched in version 4.4.12.
Пакеты
Наименование
craftcms/cms
composer
Затронутые версииВерсия исправления
>= 4.0.0-RC1, < 4.4.12
4.4.12
Связанные уязвимости
CVSS3: 5.4
nvd
больше 2 лет назад
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.