CVE-2023-33196
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-33196
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-33196.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-33196
- Aliases
- Published
- 2023-05-26T20:22:23.637Z
- Modified
- 2025-11-29T14:17:38.538246Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- Craft CMS stored XSS in review volume
- Details
-
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-80" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33196.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/33xxx/CVE-2023-33196.json
- https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7
- https://github.com/craftcms/cms/releases/tag/4.4.7
- https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
- https://nvd.nist.gov/vuln/detail/CVE-2023-33196
Affected packages
Git / github.com/craftcms/cms
Affected versions
3.*
3.7.33
3.7.39
3.7.40
3.7.40.1
3.7.41
3.7.42
3.7.43
3.7.44
3.7.45
3.7.45.1
3.7.45.2
3.7.46
3.7.47
3.7.47.1
3.7.48
3.7.49
3.7.50
3.7.51
3.7.52
3.7.53
3.7.53.1
3.7.54
3.7.55
3.7.55.1
3.7.55.2
3.7.55.3
3.7.56
3.7.57
3.7.58
3.7.59
3.7.60
3.7.61
3.7.62
3.7.63
3.7.63.1
3.7.64
3.7.64.1
3.7.65
3.7.65.1
3.7.65.2
3.7.66
3.7.67
3.7.68
3.8.0
3.8.0-beta.1
3.8.0-beta.2
3.8.0-beta.3
3.8.0-beta.4
3.8.0-beta.5
3.8.0-beta.6
3.8.1
3.8.2
3.8.3
3.8.4
3.8.5
3.8.6
4.*
4.0.0
4.0.0-RC1
4.0.0-RC2
4.0.0-RC3
4.0.0.1
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.5.1
4.0.5.2
4.0.6
4.1.0
4.1.0.1
4.1.0.2
4.1.1
4.1.2
4.1.3
4.1.4
4.1.4.1
4.2.0
4.2.0.1
4.2.0.2
4.2.1
4.2.1.1
4.2.2
4.2.3
4.2.4
4.2.5
4.2.5.1
4.2.5.2
4.2.6
4.2.7
4.2.8
4.3.0
4.3.1
4.3.10
4.3.11
4.3.2
4.3.2.1
4.3.3
4.3.4
4.3.5
4.3.6
4.3.6.1
4.3.7
4.3.7.1
4.3.8
4.3.8.1
4.3.8.2
4.3.9
4.4.0
4.4.0-beta.1
4.4.0-beta.2
4.4.0-beta.3
4.4.0-beta.4
4.4.0-beta.5
4.4.0-beta.6
4.4.0-beta.7
4.4.1
4.4.2
4.4.3
4.4.4
4.4.5
4.4.6
4.4.6.1