WEB APPLICATION VULNERABILITIES Standard & Premium

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177)

Description

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

Remediation

References

Related Vulnerabilities

WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)

Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)

WordPress Plugin WordPress Appointment Schedule Booking System Cross-Site Scripting (1.0)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2550)

WordPress Plugin Custom Permalinks SQL Injection (1.1)

Severity

Medium

Classification

CVE-2023-30177 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities