Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-mw37-wx8p-gp45: Craft CMS vulnerable to Cross-site Scripting via Drafts

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. Version 4.2.1 contains a patch for this issue.

ghsa
#xss#git

Craft CMS vulnerable to Cross-site Scripting via Drafts

Moderate severity GitHub Reviewed Published Sep 17, 2022 • Updated Sep 20, 2022

Related news

CVE-2022-46496: CVE-2022-46496 - Missing TLS Certificate Validation in DoorEntry HOMETOUCH for iOS

BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.