Description

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

Remediation

References

CVE-2024-45406

Related Vulnerabilities

WordPress Plugin FCChat Widget 'path' Parameter Cross-Site Scripting (2.1.7)

WordPress Plugin flickr picture backup Arbitrary File Upload (0.7)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3126)

Nexus Repository Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-34553)

Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-7929)

Severity

Medium

Classification

CVE-2024-45406 CWE-707 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities