PT-2017-18983 · Pixel & Tonic · Craft Cms

Ahsan Tahir

·

Published

2017-06-08

·

Updated

2022-05-17

·

CVE-2017-9516

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Craft CMS versions prior to 2.6.2982
Description The issue allows for a potential XSS attack vector by uploading a malicious SVG file.
Recommendations For versions prior to 2.6.2982, update to version 2.6.2982 or later to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-9516
GHSA-6PVW-HH48-JX7P

Affected Products

Craft Cms