Description
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
Remediation
References
http://crafter.com
https://docs.craftercms.org/en/3.0/security/advisory.html
Related Vulnerabilities
CVE-2019-0219 Vulnerability in npm package cordova-plugin-inappbrowser
CVE-2022-34916 Vulnerability in maven package org.apache.flume.flume-ng-sources:flume-jms-source
CVE-2018-1000665 Vulnerability in maven package org.webjars.bower:dojo
CVE-2023-25166 Vulnerability in npm package @sideway/formula
CVE-2017-2606 Vulnerability in maven package org.jenkins-ci.main:jenkins-core