Description
Craft is a platform for creating digital experiences. When a payload is inserted into a label name or instruction of an entry type, cross-site scripting (XSS) occurs in the Quick Post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
References
- Release Notes
- Exploit, Vendor Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1: versions before 4.3.7 (exclusive)
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
EPSS
Percentile: 93%
0.0955
Low
6.1 Medium
CVSS3
5.4 Medium
CVSS3
Weaknesses
CWE-79
Related vulnerabilities
CVSS3: 6.1
github
almost 3 years ago
Craft CMS Stored Cross-site Scripting Injection Vulnerability