craftcms/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to improper validation of url parameters in label names or instruction of an entry type located in parameter.js
, which allows an attacker to inject and execute malicious JavaScript in the victims browser.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 4.3.6.1 | |
craftcms/cms | le | 4.3.6.1 |