CVE-2024-45406

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
Configurations

Configuration 1 (hide)

cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

History

13 Sep 2024, 15:30

Type Values Removed Values Added
First Time Craftcms
Craftcms craft Cms
References () https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8 - () https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8 - Patch
References () https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42 - () https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42 - Exploit, Vendor Advisory
Summary
  • (es) Craft es un sistema de gestión de contenido (CMS). El XSS almacenado en Craft CMS 5 se puede activar mediante la lista de navegación y los campos de título con la entrada del usuario.
CVSS v2 : unknown
v3 : 5.5
v2 : unknown
v3 : 4.8
CPE cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*

09 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-09 17:15

Updated : 2024-09-13 15:30


NVD link : CVE-2024-45406

Mitre link : CVE-2024-45406

CVE.ORG link : CVE-2024-45406


JSON object : View

Products Affected

craftcms

  • craft_cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-80

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)