CVE-2023-33195: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

May 27, 2023 (updated June 2, 2023)

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.

References

github.com/advisories/GHSA-qpgm-gjgf-8c2x
github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f
github.com/craftcms/cms/releases/tag/4.4.6
github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x

Detect and mitigate CVE-2023-33195 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →