CVE-2023-4136: Cross-site Scripting (XSS) in CrafterCMS

August 3, 2023 (updated February 13, 2025)

Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

References

docs.craftercms.org/en/4.0/security/advisory.html
github.com/advisories/GHSA-jfm4-3vv3-fm4v
github.com/craftercms/engine
nvd.nist.gov/vuln/detail/CVE-2023-4136

Code Behaviors & Features

Detect and mitigate CVE-2023-4136 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →