Security Advisory

CVE-2023-2817

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-05-26 00:00:00

Last updated 2025-01-15 15:48:32

Assigner tenable

State PUBLISHED

Description

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.

← Browse all CVEs View on cve.org ↗