CVE-2023-30177

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-30177

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30177.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-30177

Aliases

GHSA-wv7j-rc2q-9j67

Published

2023-04-25T00:00:00Z

Modified

2026-05-18T05:56:34.499068240Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/30xxx/CVE-2023-30177.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/craftcms/cms

Affected ranges

Type

GIT

Repo

https://github.com/craftcms/cms

Events

Introduced

Last affected

b3e6247db27b315615c02dad6dab89ecd9233d89

Database specific

{
    "cpe": "cpe:2.3:a:craftcms:craft_cms:3.7.59:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.7.59"
        }
    ],
    "source": "CPE_FIELD"
}

Affected versions

0.*

0.9.2063

0.9.2064

0.9.2065

0.9.2068

0.9.2071

0.9.2078

0.9.2079

0.9.2080

0.9.2081

0.9.2083

0.9.2090

0.9.2094

0.9.2100

0.9.2101

0.9.2102

0.9.2103

0.9.2106

0.9.2116

0.9.2117

0.9.2123

0.9.2124

0.9.2146

0.9.2151

0.9.2157

0.9.2167

0.9.2168

0.9.2177

0.9.2181

0.9.2184

0.9.2189

0.9.2193

0.9.2243

0.9.2246

1.*

1.0.0-alpha.2236

1.0.0-alpha.2237

1.0.0-alpha.2238

1.0.0-alpha.2241

1.0.0-alpha.2242

1.0.0-alpha.2244

1.0.0-alpha.2245

1.0.0-alpha.2247

1.0.0-alpha.2248

1.0.0-alpha.2249

1.0.2266

1.1.0-alpha.2283

1.1.0-alpha.2284

1.1.0-alpha.2285

1.1.0-alpha.2288

1.1.2291

1.2.0-alpha.2310

1.2.0-alpha.2312

1.2.0-alpha.2318

1.2.0-alpha.2319

1.2.0-alpha.2322

1.2.0-alpha.2328

1.2.0-alpha.2329

1.2.2333

1.2.2335

1.2.2336

1.2.2339

1.4.0-alpha.2488

1.4.0-alpha.2489

1.4.0-alpha.2490

1.4.0-alpha.2491

1.4.0-alpha.2492

1.4.0-alpha.2493

1.4.0-alpha.2497

1.4.0-alpha.2498

1.4.0-alpha.2499

1.4.0-alpha.2500

1.4.0-alpha.2502

1.4.0-alpha.2503

1.4.0-alpha.2505

1.4.0-alpha.2509

2.*

2.0.2524

2.0.2525

2.0.2527

2.0.2532

2.0.2533

2.0.2535

2.0.2536

2.0.2537

2.0.2538

2.0.2539

2.1.0-alpha.2546

2.1.0-alpha.2547

2.1.0-alpha.2552

2.1.2554

2.1.2555

2.1.2556

2.1.2557

2.2.0-alpha.2578

2.2.2579

2.2.2581

2.3.0-alpha.2600

2.3.0-alpha.2602

2.3.0-alpha.2603

2.3.0-alpha.2605

2.3.0-alpha.2606

2.3.0-alpha.2608

2.3.0-alpha.2610

2.3.0-alpha.2612

2.3.2615

2.3.2616

2.3.2617

3.*

3.0.0-alpha.2671

3.0.0-alpha.2681

3.0.0-alpha.2687

3.0.0-alpha.2915

3.0.0-alpha.2918

3.0.0-alpha.2928

3.0.0-alpha.2933

3.0.0-alpha.2937

3.0.0-alpha.2939

3.0.0-alpha.2942

3.0.0-alpha.2948

3.7.42

3.7.43

3.7.44

3.7.45

3.7.45.1

3.7.45.2

3.7.46

3.7.47

3.7.47.1

3.7.48

3.7.49

3.7.50

3.7.51

3.7.52

3.7.53

3.7.53.1

3.7.54

3.7.55

3.7.55.1

3.7.55.2

3.7.55.3

3.7.56

3.7.57

3.7.58

3.7.59

@craftcms/sass@1.*

@craftcms/sass@1.0.0

@craftcms/sass@1.0.1

@craftcms/webpack@0.*

@craftcms/webpack@0.0.1

@craftcms/webpack@0.2.0

@craftcms/webpack@0.3.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-30177.json"