CVE-2023-23927 in Craftالمعلومات

الملخص

بحسب MITRE • 04/03/2023

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

GitHub, Inc.

حجز

19/01/2023

إفشاء

04/03/2023

الاعتدال

تمت الموافقة

إدخال

VDB-222310

EPSS

0.00801

KEV

لا

النشاطات

منخفض جدًا

المصادر

Want to stay up to date on a daily basis?

Enable the mail alert feature now!