7 matches found
CVE-2026-33051
Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2026-33051
Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
CVE-2026-33051
Craft CMS 5.9.x versions 5.9.0-beta.1 through 5.9.10 are affected by a Stored XSS in the revision/draft context menu. The issue arises from rendering the creator’s fullName as raw HTML due to Template::raw() used with Craft::t() interpolation, allowing a low-privilege CP user to inject an XSS pay...
CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu
Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...
GHSA-3X4W-MXPF-FHQQ Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...