CVE-2023-33195

low-risk

Published 2023-05-27

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.

Do I need to act?

0.51% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.0/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Craft Cms

Affected Vendors

Craftcms

References (6)

Patch https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f

https://github.com/craftcms/cms/releases/tag/4.4.6

Exploit https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x

Patch https://github.com/craftcms/cms/commit/b77cb3023bed4f4a37c11294c4d319ff9f598e1f

https://github.com/craftcms/cms/releases/tag/4.4.6

Exploit https://github.com/craftcms/cms/security/advisories/GHSA-qpgm-gjgf-8c2x

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal