EPSS
Percentile
36.1%
Craft CMS is vulnerable to cross-site scripting (XSS) attack. The attack is possible because the name attribute in site deletion is not properly validated, allowing an attacker to inject arbitrary script through it.
name
github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09
github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672