Description
An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.
Remediation
References
Related Vulnerabilities
Oracle JRE CVE-2013-1486 Vulnerability (CVE-2013-1486)
WordPress Plugin WP-RecentComments 'page' Parameter Cross-Site Scripting (2.0.6)
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7449)
MySQL CVE-2019-2531 Vulnerability (CVE-2019-2531)
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32731)