craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists due to a failure to sanitize href tags values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.6.12.1 |