XSS in RSS feed widget

Moderate
angrybrad published GHSA-j4mx-98hw-6rv6 May 5, 2023

Package

craftcms/cms (Craft CMS)

Affected versions

>= 3.0.0, <= 3.8.3
>= 4.0.0, <= 4.4.3

Patched versions

3.8.4
4.4.4

Description

Summary

A malformed title in the feed widget can deliver an XSS payload.

Resolved in 52bd161

Severity

Moderate

CVE ID

CVE-2023-31144

Weaknesses

No CWEs

Credits