CVE-2026-25496 Craft has a stored XSS in Number Prefix & Suffix Fields

Craft is a platform for creating digital experiences. In Craft versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21, a stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping,...

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS from 4.0.0-RC1 to 4.16.17, as well as from 5.0.0-RC1 to 5.8.21, have a cross-site scripting vulnerability. This vulnerability stems from improper escaping of prefix and suffix fields during rendering,...