Description
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Remediation
References
Related Vulnerabilities
Dotclear Other Vulnerability (CVE-2006-2866)
WordPress Plugin WP Google Maps Multiple Cross-Site Scripting Vulnerabilities (6.0.26)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1578)
Drupal Improper Input Validation Vulnerability (CVE-2019-6339)
WordPress Plugin Smart Slideshow 'upload.php' Arbitrary File Upload (2.1)