craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the _fldTabHtml
and _fldFieldSelectorsHtml
functions of Cp.php
does not properly encode the tab
and groupName
parameters, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 4.2.0.2 | |
craftcms/cms | le | 4.2.0.2 |