Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2023-23927: Stored XSS Injection Vulnerability

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

CVE
Open in Source
#xss#vulnerability#git

Summary

When you insert a payload inside a label name or instruction of an entry type, an XSS happens in the quick post widget on the
admin dashboard.

PoC2023-01-30.18-43-49.mp4Impact

Tested with the free version of Craft CMS 4.3.6.1

Related news

GHSA-qcrj-6ffc-v7hq: Craft CMS Stored Ctos-site Scripting Injection Vulnerability

### Summary _When you insert a payload inside a label name or instruction of an entry type, an XSS happens in the quick post widget on the admin dashboard._ ### PoC [_Complete instructions, including specific configuration details, to reproduce the vulnerability._](https://user-images.githubusercontent.com/53917092/215604129-d5b75608-5a24-4eb3-906f-55b192310298.mp4) ### Impact Tested with the free version of Craft CMS 4.3.6.1

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE