Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
References
Link | Resource |
---|---|
https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f | Patch |
https://github.com/craftcms/cms/releases/tag/4.4.6 | |
https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x | Exploit Patch Vendor Advisory |
Configurations
History
02 Jun 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Jun 2023, 13:49
Type | Values Removed | Values Added |
---|---|---|
First Time |
Craftcms
Craftcms craft Cms |
|
CWE | CWE-79 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f - Patch | |
References | (MISC) https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x - Exploit, Patch, Vendor Advisory | |
CPE | cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* |
27 May 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-27 04:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-33195
Mitre link : CVE-2023-33195
CVE.ORG link : CVE-2023-33195
JSON object : View
Products Affected
craftcms
- craft_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')