CVE-2023-36259

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/craftcms/cms

Identifiers

CVE-2023-36259

Package Slug

packagist/craftcms/cms

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

Affected Versions

All versions before 3.0.2

Solution

Upgrade to version 3.0.2 or above.

Last Modified

2024-02-06

source