CVE-2023-33194
CVSS V2 None
CVSS V3 None
Description
Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6.
Overview
- CVE ID
- CVE-2023-33194
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-05-26T20:30:23.382Z
- Last Modified Date
- 2023-05-26T20:30:23.382Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9 | x_refsource_CONFIRM |
| https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888 | x_refsource_MISC |
| https://github.com/craftcms/cms/releases/tag/4.4.6 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-33194 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33194 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 08:24:49 | Added to TrackCVE |