CVE-2023-33495

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jun 20, 2023

Updated: Nov 7, 2023

CWE ID 79

Summary

CVE-2023-33495 is a newly disclosed vulnerability affecting Craft CMS versions up to 4.4.9. This issue permits attackers to inject malicious HTML code into affected sites, potentially leading to unintended content display or data exfiltration. Successful exploitation of this flaw can occur when an attacker submits specially crafted data through a form or an input field that is not properly sanitized. The vulnerability poses a serious risk to websites utilizing Craft CMS and necessitates an immediate update to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/rtvYWW
https://www.cve.org/CVERecord?id=CVE-2023-33495
https://nvd.nist.gov/vuln/detail/CVE-2023-33495

Back to Vulnerability Database

CVE-2023-33495

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations