0.0005 Low
EPSS
Percentile
18.4%
craftcms/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a lack of user-input sanitization in Craft parameter of Asset.php which allows an attacker to inject and execute arbitrary JavaScript into the browser.
Craft
Asset.php
github.com/advisories/GHSA-wv7j-rc2q-9j67
github.com/craftcms/cms/commit/00fb253d5318e10204433e5d93934108e574005e