CVE-2023-31144

CVSS V2 None CVSS V3 None

Description

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.

Overview

CVE ID
CVE-2023-31144

Assigner
security-advisories@github.com

Vulnerability Status
Received

Published Version
2023-05-09T16:15:14

Last Modified Date
2023-05-09T16:15:14

Weakness Enumerations

CWE	URL
CWE-79	http://cwe.mitre.org/data/definitions/79.html

References

Reference URL	Reference Tags
https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442
https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-31144
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31144

History

Created	Old Value	New Value	Data Type	Notes
2023-05-09 17:01:44				Added to TrackCVE
2023-05-09 17:01:50			Weakness Enumeration	new