craftcms/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists in the RSS widget because of a malformed title which allows an attacker to inject and execute arbitrary JavaScript.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.8.3 | |
craftcms/cms | le | 4.4.3 | |
craftcms/cms | le | 3.8.3 | |
craftcms/cms | le | 4.4.3 |