CVE-2023-31144
Published 2023-05-09
Priority P4 (23) · medium · CVSS 3.1 base score 6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (32.4th percentile)
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | — | — |
| craftcms | cms | — | — |
| craftcms | cms | >= 3.0.0 < 3.8.4 | 3.8.4 |
| craftcms | cms | >= 4.0.0 < 4.4.4 | 4.4.4 |
| craftcms | craft_cms | 3.0.0 – 3.8.3 | — |
| craftcms | craft_cms | 4.0.0 – 4.4.3 | — |
GHSA
GHSA-j4mx-98hw-6rv6 · 2023-05-05 · MEDIUM · CWE-79
craftcms/cms vulnerable to cross site scripting in RSS feed widget
A malformed title in the feed widget of craftcms/cms can deliver an XSS payload. This has been resolved in [this commit](https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442).
OSV
osv · 2023-05-05 · MEDIUM
craftcms/cms vulnerable to cross site scripting in RSS feed widget
A malformed title in the feed widget of craftcms/cms can deliver an XSS payload. This has been resolved in [this commit](https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/craftcms/cms/commit/52bd161614620edbab2d24d078ca9ebca2528442
- https://github.com/craftcms/cms/security/advisories/GHSA-j4mx-98hw-6rv6