Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.4CVSS5.7AI score0.00243EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:56 a.m.4 views

CVE-2026-33051

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 5:56 a.m.3 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS5.7AI score0.00243EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 5:56 a.m.15 views

CVE-2026-33051

Craft CMS 5.9.x versions 5.9.0-beta.1 through 5.9.10 are affected by a Stored XSS in the revision/draft context menu. The issue arises from rendering the creator’s fullName as raw HTML due to Template::raw() used with Craft::t() interpolation, allowing a low-privilege CP user to inject an XSS pay...

5.4CVSS5.7AI score0.00243EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/20 5:56 a.m.25 views

CVE-2026-33051 Craft CMS Vulnerable to Stored XSS in Revision Context Menu

Craft CMS is a content management system CMS. In versions 5.9.0-beta.1 through 5.9.10, the revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user...

5.3CVSS0.00243EPSS
Exploits0References3
OSV
OSV
added 2026/03/18 12:58 p.m.7 views

GHSA-3X4W-MXPF-FHQQ Craft CMS Vulnerable to Stored XSS in Revision Context Menu

The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...

5.3CVSS5.8AI score0.00243EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/18 12:58 p.m.7 views

Craft CMS Vulnerable to Stored XSS in Revision Context Menu

The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...

5.4CVSS5.8AI score0.00243EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder