
XSS Injection Vulnerability

Low severity GitHub Reviewed Published Apr 4, 2022 in craftcms/cms • Updated Jan 11, 2023

Package

craftcms/cms (Composer)

Affected versions

< 3.7.29

Patched versions

3.7.29

Description

Impact

Under some circumstances, the Feeds widget on the dashboard could have an XSS vulnerability if a malformed feed was supplied.

Patches

This has been patched in Craft 3.7.29.
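
To check whether a deployment still locks an affected release, the following added example (not part of the advisory or of Craft's own code) reads a project's `composer.lock` and compares the locked `craftcms/cms` version against the patched version stated above. The function names and the sample lock content are assumptions made for illustration.

```python
import json
import re

PACKAGE = "craftcms/cms"   # package named in the advisory
PATCHED = (3, 7, 29)       # first patched release named in the advisory


def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease), or None when the
    string is a branch alias such as 'dev-main' or '3.x-dev'."""
    raw = raw.strip()
    if "dev" in raw.lower():
        return None
    m = re.match(r"^v?(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", raw)
    if not m:
        return None
    nums = tuple(int(p or 0) for p in m.groups()[:3])
    prerelease = bool(re.match(r"^-?(alpha|beta|rc)", m.group(4), re.I))
    return nums, prerelease


def check_lock(lock_text):
    """Classify a composer.lock: returns (status, locked_version) where
    status is 'affected', 'patched', 'unknown' or 'absent'."""
    lock = json.loads(lock_text)
    # Composer records runtime and dev dependencies in separate arrays.
    pkgs = (lock.get("packages") or []) + (lock.get("packages-dev") or [])
    for pkg in pkgs:
        if pkg.get("name", "").lower() != PACKAGE:
            continue
        raw = pkg.get("version", "")
        parsed = parse_version(raw)
        if parsed is None:
            return "unknown", raw
        nums, prerelease = parsed
        # A pre-release of 3.7.29 sorts below 3.7.29, so it is still in range.
        affected = nums < PATCHED or (nums == PATCHED and prerelease)
        return ("affected" if affected else "patched"), raw
    return "absent", None


if __name__ == "__main__":
    # Constructed composer.lock excerpt, not taken from a real project.
    sample = json.dumps(
        {"packages": [{"name": "craftcms/cms", "version": "3.7.28"}]})
    print(check_lock(sample))
```

A result of `unknown` means the lock file pins a branch alias rather than a tagged release, so the installed commit has to be checked by hand.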

References

For more information

If you have any questions or comments about this advisory, email us at support@craftcms.com.


Credits: https://github.com/noobpk

References

@angrybrad angrybrad published to craftcms/cms Apr 4, 2022
Published to the GitHub Advisory Database Apr 5, 2022
Reviewed Apr 5, 2022
Last updated Jan 11, 2023

Severity

Low

Weaknesses

No CWEs

CVE ID

No known CVE

GHSA ID

GHSA-wf98-vxv9-jqfv

Source code
