Description Craft CMS before 2.6.2974 allows XSS attacks. Remediation References CVE-2017-8052 Related Vulnerabilities WordPress Plugin Extend WordPress-Various Shortcodes & Widgets TimThumb Arbitrary File Upload (2.1.01) WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.97) Claroline Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3261) OpenSSL Improper Authentication Vulnerability (CVE-2009-0653) WordPress CVE-2019-17673 Vulnerability (CVE-2019-17673) Severity Medium Classification CVE-2017-8052 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities