CVE-2024-45406

MEDIUM

Craft CMS 5 - Stored XSS

Title source: llm

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

Core 2

Core References

Exploit, Vendor Advisory x_refsource_confirm

Patch x_refsource_misc

CVSS v3 5.5

EPSS 0.0031

EPSS Percentile 53.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

CWE

CWE-80 CWE-79

Status published

Products (2)

craftcms/cms 5.0.0 - 5.1.2Packagist

craftcms/craft_cms 5.0.0 - 5.1.2

Published Sep 09, 2024

Tracked Since Feb 18, 2026