Vulnerabilities > CVE-2023-31144 - Unspecified vulnerability in Craftcms Craft CMS
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Vulnerable Configurations
References
- https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442
- https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6
- https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442
- https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6