Stored XSS Vulnerability in Crafter CMS - Crafter Studio by Crafter Software
CVE-2017-15682

6.1MEDIUM

Key Information:

Vendor: Craftercms
Status: Crafter Cms
Vendor: CVE Published:; 27 November 2020

What is CVE-2017-15682?

In Crafter CMS's Crafter Studio version 3.0.1, an unauthenticated attacker can exploit a stored Cross-Site Scripting (XSS) vulnerability by injecting malicious JavaScript code. This vulnerability allows the attacker to execute the injected code within the admin panel, potentially leading to unauthorized actions and data exposure. It is crucial for users of this version to implement security measures and patch the vulnerability to safeguard their systems.

References

http://crafter.com

x_refsource_MISC

https://docs.craftercms.org/en/3.0/security/advisory.html

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 27, 2020
Vulnerability Reserved
Oct 20, 2017

Craftercms

What is CVE-2017-15682?

References

CVSS V3.1

Timeline