CVE-2023-33196, GHSA-cjmm-x9x9-m2w5
packagist/craftcms/cms
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
All versions starting from 4.0.0-rc1 up to 4.4.6
Upgrade to version 4.4.7 or above.
2023-05-29
source |