2 matches found
CVE-2019-12823
Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS...
CVE-2019-12823
Craft CMS before 3.1.31 is vulnerable to cross-site scripting due to improper filtering of XML feeds. Affects Craft CMS core XML feed handling; attacker could inject and execute client-side scripts. CVSS metrics indicate MEDIUM severity (CVSS 3.1 base 6.1) with network access, no privileges requi...