CVE-2023-23927

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/craftcms/cms

Identifiers

CVE-2023-23927, GHSA-qcrj-6ffc-v7hq

Package Slug

packagist/craftcms/cms

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Craft is a platform for creating digital experiences. When a payload is inserted into the label name or instruction of an entry type, cross-site scripting (XSS) occurs in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

Affected Versions

All versions before 4.3.7

Solution

Upgrade to version 4.3.7 or above.
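
To confirm whether a project still pins an affected release, the following added example (not part of the advisory or of Craft CMS) reads a composer.lock and applies the "all versions before 4.3.7" range stated above. The function names and the sample lock content are constructed for illustration.

```python
import json
import re

PACKAGE = "craftcms/cms"   # package slug from this advisory
FIXED = (4, 3, 7)          # first fixed version per this advisory


def is_affected(raw):
    """True = before the fix, False = fixed, None = needs manual review."""
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)(-.+)?", raw.strip())
    if not m:
        return None  # e.g. "dev-main" carries no comparable number
    ver = tuple(int(p) for p in m.group(1).split("."))
    width = max(len(ver), len(FIXED))
    ver_p = ver + (0,) * (width - len(ver))
    fixed_p = FIXED + (0,) * (width - len(FIXED))
    if ver_p < fixed_p:
        return True
    if ver_p == fixed_p and m.group(2):
        return None  # pre-release of the fixed version: verify by hand
    return False


def check_lock(lock_text):
    """Return [(version, status)] for every craftcms/cms entry in a composer.lock."""
    lock = json.loads(lock_text)
    found = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                found.append((version, is_affected(version)))
    return found


# Constructed sample input, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "4.3.6.1"},
        {"name": "twig/twig", "version": "v3.5.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, status in check_lock(SAMPLE_LOCK):
        label = {True: "AFFECTED", False: "fixed", None: "review manually"}[status]
        print(f"{PACKAGE} {version}: {label}")
```

Versions that cannot be compared numerically, such as branch aliases, are reported for manual review rather than assumed safe.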

Last Modified

2023-03-06
