AMR CraftCMS whitepaper

30 August 2023

Recent research has identified two critical vulnerabilities in CraftCMS: CVE-2023-36259 (Stored XSS) and CVE-2023-36260 (DoS).

The first vulnerability, CVE-2023-36259, is a Stored Cross-Site Scripting flaw caused by insufficient input validation in CraftCMS's Audit Plugin. An attacker can exploit it by injecting malicious JavaScript during user creation.




© 2023 AMR CyberSecurity · Registered Company Number: 11551941