Craftcms: >> Craft Cms >> 4.3.5 Security Vulnerabilities
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
CVSS Score
6.1
EPSS Score
0.004
Published
2023-05-09
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
CVSS Score
6.1
EPSS Score
0.008
Published
2023-03-03
Page 6