Headline

GHSA-wv7j-rc2q-9j67: Cross Site Scripting in CraftCMS

CraftCMS prior to version 3.7.68 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

1 year ago

ghsa

Open in Source

#xss #git #java

Cross Site Scripting in CraftCMS

Moderate severity GitHub Reviewed Published Apr 25, 2023 to the GitHub Advisory Database • Updated Apr 26, 2023

Users of Advanced Custom Fields plugin for WordPress are being urged to update version 6.1.6 following the discovery of a security flaw. The issue, assigned the identifier CVE-2023-30777, relates to a case of reflected cross-site scripting (XSS) that could be abused to inject arbitrary executable scripts into otherwise benign websites. The plugin, which is available both as a free and pro

1 year ago

The Hacker News

Open in Source

#xss #vulnerability #web #java #wordpress #auth #The Hacker News

CVE-2023-30177: Fixed an XSS vulnerability. · craftcms/cms@00fb253

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

1 year ago

CVE

Open in Source

#xss #vulnerability #git #java #php #perl