Cross-Site Scripting (XSS)

2019-10-1109:19:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.001

Percentile

36.1%

JSON

Craft CMS is vulnerable to cross-site scripting (XSS) attack. The attack is possible because the name attribute in site deletion is not properly validated, allowing an attacker to inject arbitrary script through it.

References

github.com/craftcms/cms/blob/develop/CHANGELOG-v3.md#338---2019-10-09

github.com/craftcms/cms/commit/0ee66d29281af2b6c4f866e1437842c61983a672

EPSS

0.001

Percentile

36.1%

JSON

Related for VERACODE:21688