CNNVD-202602-2162 Information

CNNVD ID

CNNVD-202602-2162

Related CVE

CVE-2026-26188

• CNNVD Published: 2026-02-12

Description (Chinese)

Craft CMS是Craft CMS开源的一套内容管理系统（CMS）。 Craft CMS 5.14.7之前版本存在跨站脚本漏洞，该漏洞源于用户控制的表单标签和集成元数据未经清理直接渲染，可能导致存储型跨站脚本攻击。

Description (English)

Craft CMS is an open-source CMS content management system. Prior to Craft CMS 5.14.7, there was a cross-site script loophole, which originated from the uncleaned direct rendering of user-controlled table labels and integrated metadata, which could lead to storage-type cross-site script attacks.

Vulnerability Type

跨站脚本

Affected Vendor

Craft CMS

Published

2026-02-12

Last Modified

2026-02-24

References

https://github.com/solspace/craft-freeform/commit/b9adad6cdf1eba5400aae8b1ae39bd7d4d33af5e https://github.com/solspace/craft-freeform/releases/tag/v5.14.7 https://github.com/solspace/craft-freeform/security/advisories/GHSA-jp3q-wwp3-pwv9

Patch

https://github.com/solspace/craft-freeform/releases