Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Mon, 09 Sep 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Craftcms
Craftcms craft Cms
CPEs cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
Vendors & Products Craftcms
Craftcms craft Cms
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Sep 2024 17:00:00 +0000

Type Values Removed Values Added
Description Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.
Title Craft CMS stored XSS in breadcrumb list and title fields
Weaknesses CWE-79
CWE-80
References
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-09-09T19:59:08.697Z

Reserved: 2024-08-28T20:21:32.804Z

Link: CVE-2024-45406

cve-icon Vulnrichment

Updated: 2024-09-09T19:59:03.200Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-09T17:15:13.180

Modified: 2024-09-13T15:30:45.380

Link: CVE-2024-45406

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.