Description
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names. When such a field is added to a category or section, the injected markup triggers when users visit the Categories or Entries pages respectively.
Remediation
References
Related Vulnerabilities
WordPress Plugin VO Store Locator-WP Store Locator Unspecified Vulnerability (3.2.14)
WordPress Plugin Walk Score Multiple Cross-Site Scripting Vulnerabilities (0.5.5)
WordPress Missing Authentication for Critical Function Vulnerability (CVE-2020-11028)
SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)
WordPress Plugin Delete All Comments Easily Cross-Site Request Forgery (1.3)