Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2023-36260 - Vulnerability Database
Craft CMS

Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability - CVE-2023-36260

High
Reference: CVE-2023-36260
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2023-36260
Title: Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) Vulnerability
Overview:

An issue discovered in Craft CMS version 4.6.1. allows remote attackers to cause a denial of service (DoS) via crafted string to Feed-Me Name and Feed-Me URL fields due to saving a feed using an Asset element type with no volume selected.