Veracode Vulnerability Database, VERACODE:40719
History: May 30, 2023 - 4:06 a.m.

Cross-site Scripting (XSS)

2023-05-30 04:06:14
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
Tags: craftcms, xss, vulnerability, improper sanitization, rss feed, javascript

EPSS: 0.001 (Low), percentile 29.7%

craftcms/cms is vulnerable to Cross-site Scripting (XSS). The vulnerability exists in body.twig and links.twig due to improper sanitization in the text attribute, which allows an attacker to inject and execute malicious JavaScript through the RSS feed.

CPE Name | Operator | Version
craftcms/cms | le | 4.4.5
