Vulnerability Database

296,172

Total vulnerabilities in the database

XSS Injection Vulnerability

Impact

Under some circumstances, the Feeds widget on the dashboard could have an XSS vulnerability if a malformed feed was supplied.

Patches

This has been patched in Craft 3.7.29.

References

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729---2022-01-18

For more information

If you have any questions or comments about this advisory, email us at support@craftcms.com

Credits: https://github.com/noobpk

Published: Apr 5, 2022
Updated: Apr 14, 2023
GHSA: GHSA-wf98-vxv9-jqfv
Severity: Low
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
craftcms / cms	-	3.7.29

https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv