9 matches found
EUVD-2023-1487
Malicious code in bioql PyPI...
CVE-2023-33197
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly sanitize user inputs before they are output to the front end, allowing an attacker to inject and execute malicious JavaScript through the getIndexingSessionRowHtml function in AssetIndexer.ts via the Update...
Cross site scripting
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6...
CVE-2023-33197 Craft CMS stored XSS in indexedVolumes
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6...
Craft CMS stored XSS in indexedVolumes
Summary XSS can be triggered via the Update Asset Index utility PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert26 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 7. Click Update asset indexes. XSS will be triggered Json response volumes...
GHSA-6QJX-787V-6PXR Craft CMS stored XSS in indexedVolumes
Summary XSS can be triggered via the Update Asset Index utility PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "alert26 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 7. Click Update asset indexes. XSS will be triggered Json response volumes...
PT-2023-24214 · Craft · Craft
Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.4.6. Description: Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue allows an attacker to inject malicious scripts, potentially leading to unauthorized access or data theft. The...
Craft CMS cross-site scripting vulnerability
Pixel & Tonic Craft CMS is a content management system (CMS) from Pixel & Tonic, Inc. A security vulnerability exists in Craft CMS, which stems from a cross-site scripting vulnerability that can be triggered by the Update Asset Index utility...