Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists due to a failure to sanitize href tags values and does not restrict URL schemes, allowing attackers to execute arbitrary JavaScript in a victim’s browser.