CVE-2026-33051
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
EPSS 0.02%
描述
The revision/draft context menu in the element editor renders the creator’s `fullName` as raw HTML due to the use of `Template::raw()` combined with `Craft::t()` string interpolation. A low-privileged control panel user (e.g., Author) can set their fullName to an XSS payload via the profile editor, then create an entry with two saves. If an administrator is logged in and executes a specifically crafted payload while an elevated session is active, the attacker’s account can be elevated to administrator. Users should update to Craft 5.9.11 with the patch to mitigate the issue.
如何修補 CVE-2026-33051
要修補 CVE-2026-33051,請將受影響套件升級到下列已修補版本。
- —升級至 5.9.11 或更新版本
CVE-2026-33051 正在被利用嗎?
低 — EPSS 為 0.0%,目前沒有觀察到大規模利用活動。
受影響套件(1)
- >= 5.9.0-beta.1, < 5.9.11
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |