THREATINT
PUBLISHED

CVE-2024-45406

Craft CMS stored XSS in breadcrumb list and title fields



Description

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

Reserved 2024-08-28 | Published 2024-09-09 | Updated 2024-09-09 | Assigner GitHub_M


MEDIUM: 5.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Problem types

CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

>= 5.0.0, < 5.1.2: affected

References

github.com/...ms/cms/security/advisories/GHSA-28h4-788g-rh42

github.com/...ommit/b7348942f8131b3868ec6f46d615baae50151bb8

cve.org (CVE-2024-45406)

nvd.nist.gov (CVE-2024-45406)
