CVE-2023-24230

描述

### Description A stored cross-site scripting (XSS) vulnerability in Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title field. Only users with access to Administration Panel with page editing permission can inject raw HTML in the Page title field. ### Patched versions This vulnerability has been patched in [Formwork 1.13.0](https://github.com/getformwork/formwork/releases/tag/1.13.0).

受影響套件(1)

• Packagist/getformwork/formworkfrom 0, < 1.13.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-24230
• PATCHhttps://github.com/getformwork/formwork
• WEBhttps://github.com/getformwork/formwork/commit/8781ee17ca9b9b7b0b57e090e7f2ba1b27dc1415
• WEBhttps://medium.com/@0x2bit/formwork-1-12-1-stored-xss-vulnerability-at-page-title-b6efba27891a