Lucene search
GitHub_MCVELIST:CVE-2023-31144HistoryMay 09, 2023 - 3:22 p.m.
CVE-2023-31144 Craft CMS vulnerable to cross site scripting in RSS feed widget
2023-05-0915:22:39
CWE-79
GitHub_M
www.cve.org
cve-2023-31144
craft cms
cross-site scripting
rss feed widget
version 3.8.4
version 4.4.4
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
CNA Affected
[
{
"vendor": "craftcms",
"product": "cms",
"versions": [
{
"version": ">= 3.0.0, < 3.8.4",
"status": "affected"
},
{
"version": ">= 4.0.0, < 4.4.4",
"status": "affected"
}
]
}
]Related
osv
osv
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-05 23:13:02
CVE-2023-31144
2023-05-09 16:15:14
veracode
veracode
Cross-Site Scripting (XSS)
2023-05-15 10:38:57
prion
prion
Cross site scripting
2023-05-09 16:15:00
github
github
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-05 23:13:02
cve
cve
CVE-2023-31144
2023-05-09 16:15:14
nvd
nvd
CVE-2023-31144
2023-05-09 16:15:14
thn
thn
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
Related for CVELIST:CVE-2023-31144