Description
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
Remediation
References
Related Vulnerabilities
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5741)
WebLogic Improper Access Control Vulnerability (CVE-2016-5601)
Oracle JRE CVE-2020-2778 Vulnerability (CVE-2020-2778)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2432)