CVE-2023-33196

Опубликовано: 26 мая 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 5.4

EPSS Низкий

Описание

Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

Ссылки

https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7
Patch
https://github.com/craftcms/cms/releases/tag/4.4.7
Release Notes
https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
Exploit
Third Party Advisory
https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7
Patch
https://github.com/craftcms/cms/releases/tag/4.4.7
Release Notes
https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

Версия от 4.0.1 (включая) до 4.4.7 (исключая)

cpe:2.3:a:craftcms:craft_cms:4.0.0:-:*:*:*:*:*:*

cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80

CWE-79

Связанные уязвимости

GHSA-cjmm-x9x9-m2w5

CVSS3: 5.5

github

больше 2 лет назад

Craft CMS stored XSS in review volume

EPSS

Процентиль: 23%

0.00075

Низкий

5.5 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-80

CWE-79