2 matches found
CVE-2017-8384
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments and getActionSegments need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052...
CVE-2017-8384
Craft CMS versions before 2.6.2976 are affected by CVE-2017-8384, which enables XSS because the arrays returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. Per related advisories, the root cause is an incomplete fix for CVE-2017-8052. Impact is Cross-Site Scripti...