CVE-2023-2817

MEDIUM 5.4

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

0th

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.

Vendor	n/a
Product	craft cms
Published	May 26, 2023
Last Updated	Jan 15, 2025

Stay Ahead of the Next One

Get instant alerts for n/a craft cms

Be the first to know when new medium vulnerabilities affecting n/a craft cms are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

n/a / Craft CMS

versions prior or equal to version 4.4.11

References

NVD ↗ CVE.org ↗ EPSS Data ↗

tenable.com: https://www.tenable.com/security/research/tra-2023-20%2C github.com: https://github.com/craftcms/cms/commit/7655e1009ba6cdbfb230e6bb138b775b69fc7bcb