Vulnerability identifier: #VU34922
Vulnerability risk: Low
Exploitation vector: Network
Exploit availability: Yes
Vendor: Pixel & Tonic, Inc.
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.
Install update from vendor's website.
Vulnerable software versions
Craft CMS: 3.1.12
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?