CVE-2023-33495
published 2023-06-20CVE-2023-33495: Craft CMS through 4.4.9 is vulnerable to HTML Injection.
PriorityP427medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
EPSS
0.50%
38.8th percentile
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | 0 – 4.4.9 | — |
| craftcms | craft_cms | <= 4.4.9 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Craft CMS vulnerable to HTML injection
osv·2023-06-20
CVE-2023-33495 [MEDIUM] Craft CMS vulnerable to HTML injection
Craft CMS vulnerable to HTML injection
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
GHSA
Craft CMS vulnerable to HTML injection
ghsa·2023-06-20
CVE-2023-33495 [MEDIUM] CWE-79 Craft CMS vulnerable to HTML injection
Craft CMS vulnerable to HTML injection
Craft CMS through 4.4.9 is vulnerable to HTML Injection.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injectionhttps://medium.com/%40mondalsomnath9135/html-injection-in-craft-cms-application-e2b28f746212https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/11-Client-side_Testing/03-Testing_for_HTML_Injection
2023-06-20
Published