Lucene search
HistoryMay 09, 2023 - 4:15 p.m.
CVE-2023-31144
craft cms
cross-site scripting
feed widget
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Affected configurations
Node
craftcmscraft_cmsRange3.0.0–3.8.3
ORcraftcmscraft_cmsRange4.0.0–4.4.3
Related
osv
osv
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-05 23:13:02
CVE-2023-31144
2023-05-09 16:15:14
veracode
veracode
Cross-Site Scripting (XSS)
2023-05-15 10:38:57
cvelist
cvelist
prion
prion
Cross site scripting
2023-05-09 16:15:00
github
github
craftcms/cms vulnerable to cross site scripting in RSS feed widget
2023-05-05 23:13:02
cve
cve
CVE-2023-31144
2023-05-09 16:15:14
thn
thn
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
32.5%
Related for NVD:CVE-2023-31144