Lucene search
GitHub Advisory DatabaseGHSA-J4MX-98HW-6RV6HistoryMay 05, 2023 - 11:13 p.m.
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-0523:13:02
CWE-79
GitHub Advisory Database
github.com
9
craftcms
xss
vulnerability
patched
rss feed
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
A malformed title in the feed widget of craftcms/cms can deliver an XSS payload. This has been resolved in this commit.
Affected configurations
Node
craftcmscraft_cmsRange≤4.4.3
ORcraftcmscraft_cmsRange≤3.8.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftcms/cms | le | 4.4.3 | |
| craftcms/cms | le | 3.8.3 |
Related
osv
osv
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-05 23:13:02
CVE-2023-31144
2023-05-09 16:15:14
veracode
veracode
Cross-Site Scripting (XSS)
2023-05-15 10:38:57
cvelist
cvelist
prion
prion
Cross site scripting
2023-05-09 16:15:00
cve
cve
CVE-2023-31144
2023-05-09 16:15:14
nvd
nvd
CVE-2023-31144
2023-05-09 16:15:14
thn
thn
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
Related for GHSA-J4MX-98HW-6RV6