CVE-2024-45406: Craft CMS vulnerable to stored XSS in breadcrumb list and title fields

September 9, 2024

Multiple Stored XSS can be triggered by the breadcrumb list and title fields with user input.

References

github.com/advisories/GHSA-28h4-788g-rh42
github.com/craftcms/cms
github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8
github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42
nvd.nist.gov/vuln/detail/CVE-2024-45406

Code Behaviors & Features

Detect and mitigate CVE-2024-45406 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →