Lucene search

GitHub Advisory DatabaseGHSA-M3V5-GJJ9-RG24

HistoryJun 20, 2023 - 3:31 p.m.

Craft CMS vulnerable to HTML injection

2023-06-2015:31:08

CWE-79

GitHub Advisory Database

github.com

craft cms

4.4.9

html injection

vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.9%

JSON

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

Affected configurations

Vulners

Node

craftcmscmsRange≤4.4.9

VendorProductVersionCPE
craftcmscms*cpe:2.3:a:craftcms:cms:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
craftcms	cms	*	cpe:2.3:a:craftcms:cms::::::::

References

github.com/advisories/GHSA-m3v5-gjj9-rg24

medium.com/@mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212

nvd.nist.gov/vuln/detail/CVE-2023-33495

owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.9%

JSON

Related for GHSA-M3V5-GJJ9-RG24