Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Moderate severity
GitHub Reviewed
Published
Sep 17, 2022
to the GitHub Advisory Database
•
Updated Feb 3, 2023
Package
Affected versions
>= 3.7.0-beta.1, < 3.7.55.2
>= 4.0.0-RC1, < 4.2.1
Patched versions
3.7.55.2
4.2.1
Description
Published by the National Vulnerability Database
Sep 16, 2022
Published to the GitHub Advisory Database
Sep 17, 2022
Reviewed
Sep 20, 2022
Last updated
Feb 3, 2023
Credits
-
brandonkelly Analyst
Craft CMS
3.70-RC1–3.7.55.1and4.0.0-RC1–4.2.0.1are vulnerable to Cross Site Scripting (XSS) via entry revisions and drafts. Versions3.7.55.2and4.2.1contain patches for this issue.References