CVE-2019-9554: XSS
First published: Tue Dec 31 2019(Updated: )
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Craftcms Craft Cms | =3.1.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-9554?
CVE-2019-9554 is a vulnerability in the Craft CMS software version 3.1.12 Pro that allows for cross-site scripting (XSS) attacks.
What is the severity of CVE-2019-9554?
CVE-2019-9554 has a severity level of medium, with a CVSS score of 6.1.
How does CVE-2019-9554 impact Craft CMS?
CVE-2019-9554 allows an attacker to insert malicious code into the header insertion field in Craft CMS, leading to potential XSS attacks.
What is the affected software version of CVE-2019-9554?
The affected software version of CVE-2019-9554 is Craft CMS 3.1.12 Pro.
How can I mitigate the risk of CVE-2019-9554?
To mitigate the risk of CVE-2019-9554, it is recommended to update Craft CMS to a version beyond 3.1.12 Pro, where the vulnerability is patched.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- vendor/craftcms
- canonical/craftcms craft cms
- version/craftcms craft cms/3.1.12