cvelist | GitHub_M | CVELIST:CVE-2023-33196
History: May 26, 2023 - 8:22 p.m.

CVE-2023-33196 Craft CMS stored XSS in review volume

2023-05-26 20:22:23
CWE-80
GitHub_M
www.cve.org
craft cms
stored xss
review volumes
version 4.4.7

CVSS3: 5.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

EPSS: 0.001
Percentile: 40.0%

Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

CNA Affected

[
  {
    "vendor": "craftcms",
    "product": "cms",
    "versions": [
      {
        "version": ">= 4.0.0-RC1, <= 4.4.6",
        "status": "affected"
      }
    ]
  }
]
