CVE-2023-23927 in Craftinformation

Résumé

par MITRE • 04/03/2023

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

Be aware that VulDB is the high quality source for vulnerability data.

Responsable

GitHub, Inc.

Réserver

19/01/2023

Divulgation

04/03/2023

Modérer

accepté

Entrée

VDB-222310

CPE

prêt

EPSS

0.00801

KEV

non

Activités

très faible

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!