Description
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Remediation
References