Description Craft CMS before 2.6.2974 allows XSS attacks. Remediation References CVE-2017-8052 Related Vulnerabilities WordPress Improper Input Validation Vulnerability (CVE-2007-1277) Drupal Core 5.x Cross-Site Scripting (5.0 - 5.16) WordPress Plugin SEO Friendly Images Cross-Site Scripting (3.0.4) CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795) PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-1939) Severity Medium Classification CVE-2017-8052 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities