What is CVE-2023-33194?

CVE-2023-33194 is a low-severity vulnerability in Craftcms Cms, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.7/10. Published 2023-05-26.

How severe is CVE-2023-33194?

Low severity. CVSS v3 base score is 3.7 out of 10.

XSS in Craftcms Cms

CVE-2023-33194

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t…

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:L.

Affected products

Craftcms Cms — versions >= 4.0.0-RC1, < 4.4.6, >= 3.0.0, <= 3.8.5

Weakness classification (CWE)

CWE-80 — Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

References

https://github.com/craftcms/cms/security/advisories/GHSA-3wxg-w96j-8hq9 (x_refsource_CONFIRM)
https://github.com/craftcms/cms/commit/9d0cd0bda7c8a830a3373f8c0f06943e519ac888 (x_refsource_MISC)
https://github.com/craftcms/cms/releases/tag/4.4.6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-33194?: CVE-2023-33194 is a low-severity vulnerability in Craftcms Cms, classified under Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS). CVSS score: 3.7/10. Published 2023-05-26.
How severe is CVE-2023-33194?: Low severity. CVSS v3 base score is 3.7 out of 10.