First published: Fri Mar 03 2023
Craft is a platform for creating digital experiences. When a payload is inserted into the label name or instruction of an entry type, cross-site scripting (XSS) occurs in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Craftcms Craft Cms | <4.3.7 | |
CVE-2023-23927 is a cross-site scripting (XSS) vulnerability in Craft CMS: a payload inserted into the label name or instruction of an entry type triggers XSS in the quick post widget on the admin dashboard.
CVE-2023-23927 has a severity rating of 5.4, which is considered medium.
Craft CMS versions up to and excluding 4.3.7 are affected by CVE-2023-23927.
To fix CVE-2023-23927, please update Craft CMS to version 4.3.7 or later.
More information about CVE-2023-23927 is available in the Craft CMS changelog and security advisory.