Cross Site Scripting Vulnerability in CraftCMS by Pixel & Tonic
CVE-2023-30177

6.1MEDIUM

Key Information:

Vendor: Craftcms
Status: Craft Cms
Vendor: CVE Published:; 25 April 2023

What is CVE-2023-30177?

CraftCMS version 3.7.59 is susceptible to a Cross Site Scripting (XSS) vulnerability. This issue allows attackers to inject malicious JavaScript code into the Volume Name field, potentially compromising the security of the application by manipulating user interactions and data. Users of CraftCMS should be aware of this vulnerability and apply necessary patches and updates to safeguard their systems from such attacks.

References

https://github.com/craftcms/cms/commit/00fb253d5318e10204...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 25, 2023
Vulnerability Reserved
Apr 7, 2023

Craftcms

What is CVE-2023-30177?

References

CVSS V3.1

Timeline