craftcms/cms is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user via the title
parameter.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.0.35 |