Lucene search
Veracode Vulnerability DatabaseVERACODE:39768HistoryMar 14, 2023 - 8:29 a.m.
Cross-site Scripting (XSS)
2023-03-1408:29:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
craftcms
xss
vulnerability
url parameters
label names
entry type
parameter.js
0.001 Low
EPSS
Percentile
29.0%
craftcms/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists due to improper validation of url parameters in label names or instruction of an entry type located in parameter.js, which allows an attacker to inject and execute malicious JavaScript in the victims browser.
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftcms/cms | le | 4.3.6.1 | |
| craftcms/cms | le | 4.3.6.1 |
References
Related
cve
cve
CVE-2023-23927
2023-03-03 22:15:09
osv
osv
Craft CMS Stored Cross-site Scripting Injection Vulnerability
2023-03-03 22:45:50
CVE-2023-23927
2023-03-03 22:15:09
prion
prion
Cross site scripting
2023-03-03 22:15:00
nvd
nvd
CVE-2023-23927
2023-03-03 22:15:09
github
github
Craft CMS Stored Cross-site Scripting Injection Vulnerability
2023-03-03 22:45:50
cvelist
cvelist
CVE-2023-23927 Craft CMS stored cross-site scripting vulnerability
2023-03-03 21:58:26