CVE-2024-45406

Name of the Vulnerable Software and Affected Versions: Craft CMS 5 (affected versions not specified)

Description: The issue is related to stored XSS that can be triggered by the breadcrumb list and title fields with user input. Malicious users can tamper with the control panel. The vulnerability can be exploited in various pages, including the /admin/categories page, category edit page, /admin/entries page, entry edit page, and /admin/myaccount page. The title column and username or full name in the breadcrumb list are not sanitized, allowing XSS to be triggered.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.