Cross-Site Scripting (XSS)

2023-05-0805:41:58

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

cross-site scripting

craftcms

asset.php

javascript

vulnerability

0.0005 Low

EPSS

Percentile

18.4%

JSON

craftcms/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in Craft parameter of Asset.php which allows an attacker to inject and execute arbitrary JavaScript into the browser.

CPENameOperatorVersion
craftcms/cmseq3.8.0-beta.1
craftcms/cmsle3.7.67
craftcms/cmsle4.3.10
craftcms/cmsle4.4.0-beta.2
craftcms/cmseq3.8.0-beta.1
craftcms/cmsle3.7.67
craftcms/cmsle4.3.10
craftcms/cmsle4.4.0-beta.2

Name	Operator	Version
craftcms/cms	eq	3.8.0-beta.1
craftcms/cms	le	3.7.67
craftcms/cms	le	4.3.10
craftcms/cms	le	4.4.0-beta.2
craftcms/cms	eq	3.8.0-beta.1
craftcms/cms	le	3.7.67
craftcms/cms	le	4.3.10
craftcms/cms	le	4.4.0-beta.2