China National Vulnerability Database (cnvd): CNVD-2023-64641
History: Aug 12, 2023 - 12:00 a.m.

CrafterCMS is an open source headless CMS for enterprise-level websites and other content-driven digital experiences, especially those that are high-performance, large-scale and ultra-secure. CrafterCMS suffers from a cross-site scripting vulnerability in versions 3.1.0 through 3.1.27 and 4.0.0 through 4.0.2. The vulnerability is due to improper neutralization of input during page generation, which allows reflected XSS. No further vulnerability details are available at this time.

2023-08-12 00:00:00
China National Vulnerability Database
www.cnvd.org.cn
craftercms
open source
headless cms
cross-site scripting
vulnerability
wordpress
blogging platform
php
mysql
wordpress plugin
csrf checking
attacker
arbitrary web script
html

EPSS: 0.001
Percentile: 36.9%

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin WP Shopping Pages version 1.14 and earlier, which stems from the absence of CSRF checking in certain places and a lack of sanitization and escaping. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a crafted payload.
