PT-2023-21605 · Craft Cms · Craft Cms
Joshua Martinelle
·
Published
2023-05-26
·
Updated
2025-01-15
·
CVE-2023-2817
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Craft CMS versions <= 4.4.11
Description
A post-authentication stored cross-site scripting issue exists, allowing HTML, including script tags, to be injected into field names. This injection triggers when users visit the Categories or Entries pages after the field is added to a category or section.
Recommendations
For Craft CMS versions <= 4.4.11, update to version 4.4.12 to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Craft Cms