Home > Vulnerability Database > CVE-2024-45406

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2024-45406

Good to know:

Date: September 9, 2024

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

Language: PHP

Severity Score

5.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-45406

Url: https://github.com/craftcms/cms/security/advisories/GHSA-28h4-788g-rh42

Url: https://github.com/craftcms/cms

Url: https://github.com/craftcms/cms/commit/b7348942f8131b3868ec6f46d615baae50151bb8

Url: https://www.mend.io/vulnerability-database/CVE-2024-45406

Severity Score

5.5

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-80

Top Fix

Upgrade Version

Upgrade to version craftcms/cms-5.1.2

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Do you need more information?

Contact Us