Stored Cross-Site Scripting in Craft CMS
May 19, 2023, 7:53 p.m. | Evan Grant
Tenable Research Advisories www.tenable.com
A researcher at Tenable discovered a post-authentication stored cross-site scripting (XSS) vulnerability in Craft CMS core.
When creating a new field, it is possible to inject HTML, including script tags, and thereby store an XSS payload that executes in the browser of any user who accesses the “Categories” and “Entries” pages.
Proof of Concept:
1. Create a new field with a name such as
2. Create a new category or section and add the field created in step …