Headline

GHSA-qcrj-6ffc-v7hq: Craft CMS Stored Ctos-site Scripting Injection Vulnerability

Summary

When you insert a payload inside a label name or instruction of an entry type, an XSS happens in the quick post widget on the admin dashboard.

PoC

Complete instructions, including specific configuration details, to reproduce the vulnerability.

Impact

Tested with the free version of Craft CMS 4.3.6.1

1 year ago

ghsa

Open in Source

#xss #vulnerability #git

Craft CMS Stored Ctos-site Scripting Injection Vulnerability

Moderate severity GitHub Reviewed Published Mar 3, 2023 in craftcms/cms • Updated Mar 3, 2023

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

1 year ago

CVE

Open in Source

#xss #vulnerability #git