GHSA-9F5H-MMQ6-2X78 Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields
Summary A stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles. Proof of Concept Required Permissions -...