Description
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names. When such a field is added to a category or section, the injected markup triggers when users visit the Categories or Entries pages, respectively.
Remediation
References