← back
CVE-2023-33195

Craft CMS XSS in RSS widget feed

CVSS 5 MEDIUMEPSS 0.7%CWE-79
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Affected products
craftcms · cms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1fhttps://github.com/craftcms/cms/releases/tag/4.4.6https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x