CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-9554

In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.015

EPSS Ranking 80.6%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://packetstormsecurity.com/files/151944/Craft-CMS-3.1.12-Pro-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/46496
https://packetstormsecurity.com/files/151944/Craft-CMS-3.1.12-Pro-Cross-Site-Scripting.html
https://www.exploit-db.com/exploits/46496

Products affected by CVE-2019-9554

Craftcms » Craft Cms » Version: 3.1.12

cpe:2.3:a:craftcms:craft_cms:3.1.12

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-9554

Products

Pricing

Contact Us