Описание
Craft CMS Audit Plugin Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-36259
- https://github.com/sjelfull/craft-audit/pull/73
- https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
- https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D
Пакеты
Наименование
superbig/craft-audit
composer
Затронутые версииВерсия исправления
< 3.0.2
3.0.2
Связанные уязвимости
CVSS3: 5.4
nvd
около 2 лет назад
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.