Veracode Vulnerability Database: VERACODE:40731
History: May 30, 2023 - 10:03 a.m.

Cross-Site Scripting (XSS)

2023-05-30 10:03:25
sca.analysiscenter.veracode.com
Tags: cross-site scripting, craftcms, xss, library, sanitize, user inputs, front end, attacker, inject, execute, javascript, reviewsession, assetindexer.ts

EPSS: 0.001
Percentile: 40.0%

craftcms/cms is vulnerable to Cross-Site Scripting (XSS) attacks. The library does not properly sanitize user input before outputting it to the front end, allowing an attacker to inject and execute malicious JavaScript through the reviewSession function in AssetIndexer.ts.
