First published: Tue Dec 31 2019
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | =3.1.12 | |
CVE-2019-9554 is a vulnerability in the Craft CMS software version 3.1.12 Pro that allows for cross-site scripting (XSS) attacks.
CVE-2019-9554 has a severity level of medium, with a CVSS score of 6.1.
CVE-2019-9554 allows an attacker to insert malicious code into the header insertion field in Craft CMS, leading to potential XSS attacks.
The affected software version of CVE-2019-9554 is Craft CMS 3.1.12 Pro.
To mitigate the risk of CVE-2019-9554, it is recommended to update Craft CMS to a version beyond 3.1.12 Pro, where the vulnerability is patched.