Description

An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.

Remediation

References

CVE-2023-36260

Related Vulnerabilities

WordPress Plugin Contact Form 7 Database Addon-CFDB7 Unspecified Vulnerability (1.2.5.7)

Jboss EAP CVE-2016-6796 Vulnerability (CVE-2016-6796)

Oracle HTTP Server Uncontrolled Recursion Vulnerability (CVE-2021-42717)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.3.17)

WordPress Plugin ShareYourCart Information Disclosure (1.6.1)

Severity

High

Classification

CVE-2023-36260 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities