Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-23927)

Description

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

Remediation

References

Related Vulnerabilities

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25602)

WordPress Plugin Ultimate Appointment Booking & Scheduling Unspecified Vulnerability (1.1.10)

WordPress Plugin Post Pay Counter PHP Object Injection (2.730)

Liferay Portal Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)

Jboss EAP Improper Initialization Vulnerability (CVE-2023-4503)

Severity

Medium

Classification

CVE-2023-23927 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities