Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-25491 - Vulnerability Database
Craft CMS

Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2026-25491

Medium
Reference: CVE-2026-25491
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2026-25491
Title: Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21 Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.