CVE-2023-33195, GHSA-qpgm-gjgf-8c2x
packagist/craftcms/cms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
All versions starting from 4.3.0 before 4.4.6
Upgrade to version 4.4.6 or above.
2023-05-29
source |