30 August 2023
Recent scrutiny has uncovered two critical vulnerabilities in CraftCMS, identified as CVE-2023-36259 (Stored XSS) and CVE-2023-36260 (DoS).
The first vulnerability, CVE-2023-36259, is a Stored Cross-Site Scripting flaw caused by deficient input validation in CraftCMS's Audit Plugin. An attacker can exploit it by supplying malicious JavaScript code during the user creation phase.
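
The pattern behind this class of bug, shown as an added example that is not CraftCMS or Audit Plugin code: a value accepted at user creation is stored and later written into an audit view. The record fields, the allow-list and the function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed audit record, as a user-creation event might be stored.
// Field names are assumptions for this example, not the plugin's schema.
$entry = [
    'event'    => 'user.created',
    'username' => '<script>alert(1)</script>', // constructed hostile value
    'email'    => 'new.user@example.test',
];

/** Input-side check at user creation: accept only an allow-listed character set. */
function isValidUsername(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9._-]{1,64}\z/', $name) === 1;
}

/** Output-side encoding for HTML text and quoted-attribute contexts. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Weak form: stored fields are concatenated into the audit view as markup. */
function renderRowUnsafe(array $entry): string
{
    return '<tr><td>' . $entry['event'] . '</td><td>'
        . $entry['username'] . '</td></tr>';
}

/** Hardened form: every stored field is encoded at the point of rendering. */
function renderRowSafe(array $entry): string
{
    return '<tr><td>' . e($entry['event']) . '</td><td>'
        . e($entry['username']) . '</td></tr>';
}

// The validation result shows the value should have been rejected at creation;
// the two rows show the same stored value with and without output encoding.
var_dump(isValidUsername($entry['username']));
echo renderRowUnsafe($entry), PHP_EOL;
echo renderRowSafe($entry), PHP_EOL;
```

Encoding at render time is the control that holds even for records stored before validation was tightened, which is why both checks appear here.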