Описание
Cross Site Scripting in CraftCMS
CraftCMS prior to version 3.7.68 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
Пакеты
Наименование
craftcms/cms
composer
Затронутые версииВерсия исправления
< 3.7.68
3.7.68
Связанные уязвимости
CVSS3: 6.1
nvd
почти 3 года назад
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.