GHSA-jfm4-3vv3-fm4v

Source

https://github.com/advisories/GHSA-jfm4-3vv3-fm4v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-jfm4-3vv3-fm4v

Aliases

CVE-2023-4136

Published

2023-08-03T18:30:35Z

Modified

2025-02-13T20:42:10.974423Z

Severity

7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N CVSS Calculator

Summary

Cross-site Scripting (XSS) in CrafterCMS

Details

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

Database specific

{
    "severity": "HIGH",
    "github_reviewed_at": "2025-02-13T20:14:25Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2023-08-03T15:15:34Z"
}

References

Affected packages

Maven / org.craftercms:crafter-engine

Package

Name: org.craftercms:crafter-engine; View open source insights on deps.dev
Purl: pkg:maven/org.craftercms/crafter-engine

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.3

Affected versions

4.*

4.0.1

4.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json"

Maven / org.craftercms:crafter-engine

Package

Name: org.craftercms:crafter-engine; View open source insights on deps.dev
Purl: pkg:maven/org.craftercms/crafter-engine

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.28

Affected versions

3.*

3.1.0

3.1.1

3.1.2

3.1.3

3.1.4

3.1.4E

3.1.5

3.1.5E

3.1.6

3.1.6E

3.1.7

3.1.7E

3.1.8

3.1.8E

3.1.9

3.1.9E

3.1.10

3.1.10E

3.1.11

3.1.11E

3.1.12

3.1.12E

3.1.13

3.1.13E

3.1.14

3.1.14E

3.1.15

3.1.15E

3.1.16

3.1.16E

3.1.17

3.1.17E

3.1.17.4

3.1.17.4E

3.1.17.5

3.1.17.5E

3.1.17.6

3.1.17.6E

3.1.17.7

3.1.17.7E

3.1.18

3.1.18E

3.1.19

3.1.19E

3.1.20

3.1.20E

3.1.21

3.1.21E

3.1.22

3.1.22E

3.1.23

3.1.23E

3.1.24

3.1.24E

3.1.25

3.1.25E

3.1.26

3.1.26E

3.1.27

3.1.27E

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/08/GHSA-jfm4-3vv3-fm4v/GHSA-jfm4-3vv3-fm4v.json"