CNNVD-202602-1292 Information

CNNVD ID

CNNVD-202602-1292

Related CVE

CVE-2026-25496

• CNNVD Published: 2026-02-09

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 4.0.0-RC1版本至4.16.17版本和5.0.0-RC1版本至5.8.21版本存在跨站脚本漏洞，该漏洞源于前缀和后缀字段渲染时未正确转义，可能导致存储型跨站脚本攻击。

Description (English)

Craft CMS is an open-source CMS content management system. Craft CMS Versions 4.0.0-RC1 to 4.16.17 and 5.0.0-RC1 to 5.8.21 have cross-site script loopholes, which stem from the misdirection of prefix and suffix field rendering, which may lead to storage-type cross-site script attacks.

Vulnerability Type

跨站脚本

Affected Vendor

Craft CMS

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/craftcms/cms/commit/cb5fb0e979e72f315c9178fc031883d49527f513 https://github.com/craftcms/cms/releases/tag/5.8.22 https://github.com/craftcms/cms/security/advisories/GHSA-9f5h-mmq6-2x78

Patch

https://github.com/craftcms/cms/releases