CVE-2023-23927: XSS
First published: Fri Mar 03 2023(Updated: )
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Craftcms Craft Cms | <4.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-23927?
CVE-2023-23927 is a vulnerability in Craft CMS that allows for cross-site scripting (XSS) attacks when a payload is inserted into a label name or instruction of an entry type in the quick post widget on the admin dashboard.
How severe is CVE-2023-23927?
CVE-2023-23927 has a severity rating of 5.4, which is considered medium.
Which software versions are affected by CVE-2023-23927?
Craft CMS versions up to and excluding 4.3.7 are affected by CVE-2023-23927.
How can I fix CVE-2023-23927?
To fix CVE-2023-23927, please update Craft CMS to version 4.3.7 or later.
Is there any additional information about CVE-2023-23927?
Yes, you can find more information about CVE-2023-23927 in the Craft CMS changelog and security advisory.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- vendor/craftcms
- canonical/craftcms craft cms