May 26, 2023 - 12:00 a.m.

CVE-2023-2817

2023-05-26 00:00:00
tenable
www.cve.org
Tags: cve-2023-2817, post-authentication, stored, cross-site scripting, craft cms, html, field names, injection, category, section, user visit

EPSS: 0.001

Percentile: 29.6%

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names; when such a field is added to a category or section, the injected markup is triggered when users visit the Categories or Entries pages, respectively.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "Craft CMS",
    "versions": [
      {
        "version": "versions prior or equal to version 4.4.11",
        "status": "affected"
      }
    ]
  }
]
