PT-2023-24211 · Craft · Craft
Whitebearvn
Published 2023-05-26 · Updated 2023-06-02
CVE-2023-33194
CVSS v3.1: 3.7 (Low)
| Vector | AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L |
Name of the Vulnerable Software and Affected Versions
Craft versions prior to 4.4.6
Description
Craft does not sanitize input or HTML-encode output in the validation error message of the Quick Post widget, so a crafted value is reflected into the Control Panel page and can deliver an XSS payload. An earlier issue fixed the XSS in the field label HTML itself, but the same unencoded value is still interpolated into the error message shown when the user clicks Save.
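As an added illustration (not Craft's own code, which this entry does not reproduce), the JavaScript below shows the pattern the description refers to: a field label that is HTML-encoded where the form is rendered, but interpolated raw into the validation error string produced on Save. The field definition, its label value and the render functions are hypothetical and constructed for the example; the fix is to encode at every point where the value enters an HTML context, not only in the one place an earlier bug report pointed at.

```javascript
// Added example, not Craft CMS code: escaping a label in one output
// location is not enough when the same label is later interpolated
// into a validation error message rendered as HTML.

// Minimal HTML entity encoder for text placed inside element content
// or double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Hypothetical field definition as a low-privileged editor might save it.
// The label is attacker-controlled text, constructed here for the example.
const field = {
  handle: "title",
  label: '<img src=x onerror="alert(1)">',
  required: true,
};

// Form label rendering: already encoded (the "older issue" fix).
function renderLabelHtml(f) {
  return `<label for="${f.handle}">${escapeHtml(f.label)}</label>`;
}

// Vulnerable: the Save-time error message reuses the raw label in HTML.
function renderValidationErrorVulnerable(f, value) {
  if (f.required && value.trim() === "") {
    return `<li class="error">${f.label} cannot be blank.</li>`;
  }
  return "";
}

// Hardened: every interpolation into HTML is encoded at the point of output.
function renderValidationErrorSafe(f, value) {
  if (f.required && value.trim() === "") {
    return `<li class="error">${escapeHtml(f.label)} cannot be blank.</li>`;
  }
  return "";
}

// Check usable in a unit test: does the raw label survive into the markup?
function containsRawLabel(html, f) {
  return html.includes(f.label);
}

// Stand-alone run: the vulnerable path leaks the tag, the safe one does not.
console.log("vulnerable leaks:", containsRawLabel(renderValidationErrorVulnerable(field, ""), field));
console.log("hardened leaks:  ", containsRawLabel(renderValidationErrorSafe(field, ""), field));
```

The test case to keep in a regression suite is the second call: submit an empty required field whose label contains markup and assert that the rendered error message contains no unencoded `<`.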
Recommendations
If you are running a version prior to 4.4.6, update to 4.4.6 to resolve the issue. As a temporary workaround, avoid using the Quick Post widget until the update is applied. Restrict access to the Control Panel and limit who can create or edit sections and entries to reduce exposure. Note that the vector requires a low-privileged account (PR:L) and user interaction (UI:R): an attacker needs Control Panel access to define the malicious value and must get another user to trigger the validation error on Save.
Exploit
Fix
XSS
Related identifiers
Affected products
Craft