Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-25491

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 3.9%
CVSS Severity
CVSS v3 Score 4.8
Products affected by CVE-2026-25491


Contact Us

Shodan ® - All rights reserved