First published: Sun Apr 03 2022(Updated: )
Craft CMS before 3.7.29 allows XSS.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | <3.7.29 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2022-27878 is a vulnerability in Craft CMS versions before 3.7.29 that allows for cross-site scripting (XSS) attacks.
CVE-2022-28378 has a severity score of 6.1, classified as medium.
CVE-2022-28378 allows attackers to execute malicious scripts on the affected Craft CMS website, potentially leading to unauthorized access or data theft.
Versions of Craft CMS before 3.7.29 are affected by CVE-2022-28378.
To fix CVE-2022-28378, it is recommended to upgrade Craft CMS to version 3.7.29 or higher, as this vulnerability has been patched in that release.