Description
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names. When such a field is added to a category or section, the injected HTML triggers when users visit the Categories or Entries pages, respectively.
Remediation
References