CVE-2023-36259

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

Published: Jan 30, 2024
Updated: May 4, 2025
CVE: CVE-2023-36259
GHSA: GHSA-v89q-c273-3p42
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
superbig / craft-audit	-	3.0.2
craftcms / craft_cms	-	3.0.2

https://github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672ed
https://github.com/sjelfull/craft-audit/pull/73
https://www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/?trackingId=E75GttWvQp6gfvPiJDDUBA%3D%3D

Vulnerability Database

289,496

CVE-2023-36259