Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-2817
Reference:
CVE-2023-2817
Title:
Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions lt 4.4.11. HTML including script tags can be injected into field names which when the field is added to a category or section will trigger when users visit the Categories or Entries pages respectively.