CVE-2023-4136

Name of the Vulnerable Software and Affected Versions CrafterCMS versions 3.1.0 through 3.1.27 CrafterCMS versions 4.0.0 through 4.0.2

Description The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This affects CrafterCMS on various operating systems, including Windows, MacOS, and Linux, and different architectures such as x86, ARM, and 64-bit.

Recommendations For versions 3.1.0 through 3.1.27, update to a version outside of this range to mitigate the risk. For versions 4.0.0 through 4.0.2, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting input validation to prevent malicious script injections until a patch is available.