Craft CMS Stored XSS Vulnerability
CVE-2024-45406

4.8MEDIUM

Key Information:

Vendor

Craftcms

Status
Cms
Vendor
CVE Published:
9 September 2024

What is CVE-2024-45406?

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

Affected Version(s)

cms >= 5.0.0, < 5.1.2

References

https://github.com/craftcms/cms/security/advisories/GHSA-...
x_refsource_CONFIRM
https://github.com/craftcms/cms/commit/b7348942f8131b3868...
x_refsource_MISC

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.