Описание
moonshine Stored Cross-Site Scripting Vulnerability in Create Article
A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Link parameter.
Пакеты
Наименование
moonshine/moonshine
composer
Затронутые версииВерсия исправления
< 3.12.4
3.12.4
Связанные уязвимости
CVSS3: 4.5
nvd
6 месяцев назад
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.5, allowing to execute arbitrary JavaScript by using "javascript:" payload, instead of the expected HTTPS protocol, in the CutCode Link parameter when creating/updating a new Article.