CVE-2023-4136

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

CVSS v3 7.4 HIGH

7.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2023/Aug/30
https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301	Third Party Advisory
http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html
http://seclists.org/fulldisclosure/2023/Aug/30
https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:craftercms:craftercms::::::::
	cpe:2.3:a:craftercms:craftercms::::::::

OR	cpe:2.3:o:apple:macos:-::::::arm:
	cpe:2.3:o:apple:macos:-::::::x64:
	cpe:2.3:o:apple:macos:-::::::x86:
	cpe:2.3:o:linux:linux_kernel:-::::::arm:
	cpe:2.3:o:linux:linux_kernel:-::::::x64:
	cpe:2.3:o:linux:linux_kernel:-::::::x86:
	cpe:2.3:o:microsoft:windows:-::::::arm:
	cpe:2.3:o:microsoft:windows:-::::::x64:
	cpe:2.3:o:microsoft:windows:-::::::x86:

History

13 Feb 2025, 17:17

Type	Values Removed	Values Added
Summary	(en) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.	(en) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

21 Nov 2024, 08:34

Type	Values Removed	Values Added
References	~~() http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html -~~	() http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html -
References	~~() http://seclists.org/fulldisclosure/2023/Aug/30 -~~	() http://seclists.org/fulldisclosure/2023/Aug/30 -
References	~~() https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301 - Third Party Advisory~~	() https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~6.1~~	v2 : unknown v3 : 7.4

Information

Published : 2023-08-03 15:15

Updated : 2025-02-13 17:17

NVD link : CVE-2023-4136

Mitre link : CVE-2023-4136

CVE.ORG link : CVE-2023-4136

JSON object : View

Products Affected

apple

macos

linux

linux_kernel

craftercms

craftercms

microsoft

windows

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

7.4 /10