PT-2023-7564 · Tagdiv · Tagdiv Composer Plugin

Truoc Phan · Published 2023-09-11 · Updated 2025-09-24 · CVE-2023-3169

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

tagDiv Composer Plugin versions prior to 4.2

Description

The plugin does not have authorization in a REST route and does not properly validate and escape some parameters when outputting them back. This could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.

Recommendations

For versions prior to 4.2, update to version 4.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST route until a patch is available. Avoid using the vulnerable plugin until the issue is resolved.

Exploit

Fix

Special Elements Injection

Improper Neutralization

XSS

Weakness Enumeration

Related Identifiers

BDU:2023-08620
CVE-2023-3169

Affected Products

Tagdiv Composer Plugin