Untriaged
CVE-2023-4136
7.4 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.
References
- https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301
- http://seclists.org/fulldisclosure/2023/Aug/30
- http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripti…
- http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripti… x_transferred
- https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301 x_transferred
- http://seclists.org/fulldisclosure/2023/Aug/30 x_transferred
Affected products
Engine
- =<4.0.2
- =<3.1.27
Matching in nixpkgs
pkgs.perlPackages.XMLXPathEngine
Re-usable XPath engine for DOM-like trees
- nixos-unstable -
- nixpkgs-unstable 0.14
pkgs.perlPackages.ZonemasterEngine
Tool to check the quality of a DNS zone
- nixos-unstable -
- nixpkgs-unstable 4.6.1
pkgs.haskellPackages.Control-Engine
A parallel producer/consumer engine (thread pool)
- nixos-unstable -
- nixpkgs-unstable 1.1.0.1
pkgs.perl538Packages.XMLXPathEngine
Re-usable XPath engine for DOM-like trees
- nixos-unstable -
- nixpkgs-unstable 0.14
pkgs.perl540Packages.XMLXPathEngine
Re-usable XPath engine for DOM-like trees
- nixos-unstable -
- nixpkgs-unstable 0.14
pkgs.perl538Packages.ZonemasterEngine
Tool to check the quality of a DNS zone
- nixos-unstable -
- nixpkgs-unstable 4.6.1
pkgs.perl540Packages.ZonemasterEngine
Tool to check the quality of a DNS zone
- nixos-unstable -
- nixpkgs-unstable 4.6.1