6 matches found
CVE-2023-33196
CVE-2023-33196 corresponds to a stored XSS vulnerability in Craft CMS triggered via review volumes during asset indexing. Public descriptions consistently state that the issue was fixed in version 4.4.7. The root cause revolves around insufficient sanitization of data in the review/asset-indexing...
CVE-2023-33196 Craft CMS stored XSS in review volume
Craft is a CMS for creating custom digital experiences. Cross-site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7...
CVE-2023-33196 Craft CMS stored XSS in review volume
Craft is a CMS for creating custom digital experiences. Cross-site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7...
CVE-2023-33196 Craft CMS stored XSS in review volume
Craft is a CMS for creating custom digital experiences. Cross-site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7...
Craft CMS stored XSS in review volume
Summary: XSS can be triggered by review volumes. PoC: 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert1337 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 6. Click Update asset indexes. 7. Wait to assets update success. 8. Progress complete. 9...
Craft CMS cross-site scripting vulnerability
Pixel & Tonic Craft CMS is a content management system (CMS) from Pixel & Tonic, Inc. A security vulnerability exists in Craft CMS, which stems from a cross-site scripting vulnerability that can be triggered by review volumes...