Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-9554 - Vulnerability Database

Craft CMS

Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2019-9554

Medium

Reference: CVE-2019-9554

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9554

Title: Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

In the 3.1.12 Pro version of Craft CMS XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.