First published: Thu Oct 10 2019(Updated: )
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/craftcms/cms | <3.3.8 | 3.3.8 |
Craftcms Craft Cms | <3.3.8 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2019-17496 is medium with a CVSS score of 6.1.
CVE-2019-17496 affects Craft CMS versions before 3.3.8.
The vulnerability in CVE-2019-17496 is a stored XSS vulnerability.
The stored XSS vulnerability in CVE-2019-17496 can be exploited by injecting malicious code into the name field, which is mishandled during site deletion.
CVE-2019-17496 can be fixed by updating Craft CMS to version 3.3.8 or later.