Search for vulnerabilities
| Vulnerability ID | VCID-hm7h-7cu3-8be1 |
| Aliases |
CVE-2023-33194
GHSA-3wxg-w96j-8hq9 |
| Summary | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in version 4.4.6. |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| System | Score | Found at |
|---|---|---|
| There are no known severity scores. | ||
| Reference id | Reference type | URL |
|---|---|---|
| https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888 | ||
| https://github.com/craftcms/cms/releases/tag/4.4.6 | ||
| CVE-2023-33194 | https://nvd.nist.gov/vuln/detail/CVE-2023-33194 | |
| GHSA-3wxg-w96j-8hq9 | https://github.com/advisories/GHSA-3wxg-w96j-8hq9 | |
| GHSA-3wxg-w96j-8hq9 | https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9 |
No EPSS data available for this vulnerability.
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-06-02T04:44:53.638746+00:00 | GitLab Importer | Import | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/craftcms/cms/CVE-2023-33194.yml | 38.6.0 |