First published: Tue Apr 25 2023(Updated: )
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/craftcms/cms | <3.7.68 | 3.7.68 |
Craftcms Craft Cms | =3.7.59 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2023-30177.
The severity of CVE-2023-30177 is medium.
CVE-2023-30177 affects CraftCMS versions prior to 3.7.68.
The impact of CVE-2023-30177 is Cross-Site Scripting (XSS), allowing an attacker to inject JavaScript code into the Volume Name field.
To fix CVE-2023-30177, upgrade CraftCMS to version 3.7.68 or later.