First published: Fri Mar 26 2021
A cross-site scripting (XSS) vulnerability in Craft CMS 3.1.31 allows remote attackers to inject arbitrary web script or HTML via /admin/settings/sites/new.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | =3.1.31 | |
composer/craftcms/cms | <3.1.33 | 3.1.33 |
The severity of CVE-2020-19626 is medium with a CVSS score of 5.4.
CVE-2020-19626 affects Craft CMS version 3.1.31.
CVE-2020-19626 has CWE classification 79 (Improper Neutralization of Input During Web Page Generation).
Remote attackers can exploit CVE-2020-19626 by injecting arbitrary web script or HTML through the /admin/settings/sites/new endpoint in Craft CMS 3.1.31.
More information on CVE-2020-19626 is available at the following links: [Reference 1](http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf) and [Reference 2](https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff).