Cross Site Scripting Vulnerability in CraftCMS by Pixel & Tonic
CVE-2023-30177

6.1MEDIUM

Key Information:

Vendor
Craftcms
Status
Craft Cms
Vendor
CVE Published:
25 April 2023

Summary

CraftCMS version 3.7.59 is susceptible to a Cross Site Scripting (XSS) vulnerability. This issue allows attackers to inject malicious JavaScript code into the Volume Name field, potentially compromising the security of the application by manipulating user interactions and data. Users of CraftCMS should be aware of this vulnerability and apply necessary patches and updates to safeguard their systems from such attacks.

References

https://github.com/craftcms/cms/commit/00fb253d5318e10204...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-30177 : Cross Site Scripting Vulnerability in CraftCMS by Pixel & Tonic | SecurityVulnerability.io