CVE-2023-36259 – superbig/craft-audit

Package

Manager: composer
Name: superbig/craft-audit
Vulnerable Version: >=0 <3.0.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00087 pctl0.26027

Details

Craft CMS Audit Plugin Cross Site Scripting vulnerability Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

Metadata

Created: 2024-01-30T09:30:34Z
Modified: 2024-02-05T23:06:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-v89q-c273-3p42/GHSA-v89q-c273-3p42.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-v89q-c273-3p42
Finding: F425
Auto approve: 1