Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-33194 - Vulnerability Database

Craft CMS

Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2023-33194

Medium

Reference: CVE-2023-33194

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-33194

Title: Craft CMS Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didnt fix it when clicking save. This issue was patched in version 4.4.6.