Description
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://mayoterry.com/file/cve/XSS_vuluerability_in_Craftcms_3.1.31.pdf
Patch, Third Party Advisory x_refsource_misc
https://github.com/craftcms/cms/commit/76a2168b6a5e30144f5c06da4ff264f4eca577ff
Scores
CVSS v3
5.4
EPSS
0.0023
EPSS Percentile
45.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
craftcms/cms
0 - 3.1.33Packagist
craftcms/craft_cms
3.1.31
Published
Mar 26, 2021
Tracked Since
Feb 18, 2026