craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists in the createNewElement
function of BaseElementSelectInput.js
due to a lack of sanitization in the elementInfo
attribute, allowing an attacker to inject and execute malicious javascript.
CPE | Name | Operator | Version |
---|---|---|---|
craftcms/cms | le | 3.7.50 | |
craftcms/cms | le | 4.2.0.2 | |
craftcms/cms | le | 3.7.50 | |
craftcms/cms | le | 4.2.0.2 |