CVE-2019-12823 — Cross-site Scripting in Craft CMS

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJun 18

Latest updateMay 24

Description

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

▶Packagistcraftcms/cms< 3.1.31

GHSA

Craft CMS XSS Vulnerability↗2022-05-24

▶

OSV

Craft CMS XSS Vulnerability↗2022-05-24

▶

CVEList

CVE-2019-12823: Craft CMS before 3↗2019-06-18

▶