This security bulletin contains one low risk vulnerability.
Exploit availability: YesDescription
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.Mitigation
Install update from vendor's website.Vulnerable software versions
Craft CMS: 3.1.12
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?