Lucene search

[email protected]CVE-2023-4136

HistoryAug 03, 2023 - 3:15 p.m.

CVE-2023-4136

2023-08-0315:15:34

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-4136

cross-site scripting

xss

craftercms

4.0.0

4.0.2

3.1.0

3.1.27

web page generation

nvd

windows

macos

linux

x86

arm

64 bit

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

20.8%

JSON

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

Affected configurations

NVD

Node

applemacosMatch-arm

applemacosMatch-x64

applemacosMatch-x86

linuxlinux_kernelMatch-arm

linuxlinux_kernelMatch-x64

linuxlinux_kernelMatch-x86

microsoftwindowsMatch-arm

microsoftwindowsMatch-x64

microsoftwindowsMatch-x86

AND

craftercmscraftercmsRange3.1.0–3.1.27

craftercmscraftercmsRange4.0.0–4.0.2

CPENameOperatorVersion
craftercms:craftercmscraftercmsle3.1.27
craftercms:craftercmscraftercmsle4.0.2

CPE	Name	Operator	Version
craftercms:craftercms	craftercms	le	3.1.27
craftercms:craftercms	craftercms	le	4.0.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "Engine",
    "platforms": [
      "Windows",
      "MacOS",
      "Linux",
      "x86",
      "ARM",
      "64 bit"
    ],
    "product": "CrafterCMS",
    "vendor": "CrafterCMS",
    "versions": [
      {
        "lessThanOrEqual": "4.0.2",
        "status": "affected",
        "version": "4.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "3.1.27",
        "status": "affected",
        "version": "3.1.0",
        "versionType": "semver"
      }
    ]
  }
]