craftcms/cms is vulnerable to cross-site request forgery. The vulnerability exists because the CRAFT_CSRF_TOKEN
cookie in Request.php
gets improperly encoded, allowing an attacker to disclose the password hash through the HTML hidden field.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.7.32 | |
craftcms/cms | le | 3.7.32 |