CVE-2019-12823

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-12823
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12823.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-12823
Aliases
Published
2019-06-18T13:15:10.753Z
Modified
2026-04-10T04:15:34.368581Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.

References

Affected packages

Git / github.com/craftcms/cms

Affected ranges

Type
GIT
Repo
https://github.com/craftcms/cms
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2c2447caaed72c1edb443cfbea4d7cbc64e41675
Fixed
6432eca59b93bcea2ca2616199e5d419447e613f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.31"
        }
    ]
}

Affected versions

0.*
0.9.2063
0.9.2064
0.9.2065
0.9.2068
0.9.2071
0.9.2078
0.9.2079
0.9.2080
0.9.2081
0.9.2083
0.9.2090
0.9.2094
0.9.2100
0.9.2101
0.9.2102
0.9.2103
0.9.2106
0.9.2116
0.9.2117
0.9.2123
0.9.2124
0.9.2146
0.9.2151
0.9.2157
0.9.2167
0.9.2168
0.9.2177
0.9.2181
0.9.2184
0.9.2189
0.9.2193
0.9.2243
0.9.2246
1.*
1.0.0-alpha.2236
1.0.0-alpha.2237
1.0.0-alpha.2238
1.0.0-alpha.2241
1.0.0-alpha.2242
1.0.0-alpha.2244
1.0.0-alpha.2245
1.0.0-alpha.2247
1.0.0-alpha.2248
1.0.0-alpha.2249
1.0.2266
1.1.0-alpha.2283
1.1.0-alpha.2284
1.1.0-alpha.2285
1.1.0-alpha.2288
1.1.2291
1.2.0-alpha.2310
1.2.0-alpha.2312
1.2.0-alpha.2318
1.2.0-alpha.2319
1.2.0-alpha.2322
1.2.0-alpha.2328
1.2.0-alpha.2329
1.2.2333
1.2.2335
1.2.2336
1.2.2339
1.4.0-alpha.2488
1.4.0-alpha.2489
1.4.0-alpha.2490
1.4.0-alpha.2491
1.4.0-alpha.2492
1.4.0-alpha.2493
1.4.0-alpha.2497
1.4.0-alpha.2498
1.4.0-alpha.2499
1.4.0-alpha.2500
1.4.0-alpha.2502
1.4.0-alpha.2503
1.4.0-alpha.2505
1.4.0-alpha.2509
2.*
2.0.2524
2.0.2525
2.0.2527
2.0.2532
2.0.2533
2.0.2535
2.0.2536
2.0.2537
2.0.2538
2.0.2539
2.1.0-alpha.2546
2.1.0-alpha.2547
2.1.0-alpha.2552
2.1.2554
2.1.2555
2.1.2556
2.1.2557
2.2.0-alpha.2578
2.2.2579
2.2.2581
2.3.0-alpha.2600
2.3.0-alpha.2602
2.3.0-alpha.2603
2.3.0-alpha.2605
2.3.0-alpha.2606
2.3.0-alpha.2608
2.3.0-alpha.2610
2.3.0-alpha.2612
2.3.2615
2.3.2616
2.3.2617
3.*
3.0.0-RC10.1
3.0.0-alpha.2671
3.0.0-alpha.2681
3.0.0-alpha.2687
3.0.0-alpha.2915
3.0.0-alpha.2918
3.0.0-alpha.2928
3.0.0-alpha.2933
3.0.0-alpha.2937
3.0.0-alpha.2939
3.0.0-alpha.2942
3.0.0-alpha.2948
3.0.26
3.0.26.1
3.0.27
3.0.27.1
3.0.28
3.0.29
3.0.30
3.0.30.1
3.0.30.2
3.0.31
3.0.32
3.0.33
3.0.34
3.0.35
3.0.36
3.0.37
3.1.1
3.1.10
3.1.11
3.1.12
3.1.13
3.1.14
3.1.15
3.1.16
3.1.17
3.1.17.1
3.1.17.2
3.1.18
3.1.19
3.1.2
3.1.2.1
3.1.2.2
3.1.20
3.1.20.1
3.1.21
3.1.21.1
3.1.22
3.1.23
3.1.24
3.1.25
3.1.26
3.1.27
3.1.28
3.1.29
3.1.3
3.1.30
3.1.4
3.1.5
3.1.6
3.1.6.1
3.1.7
3.1.8
3.1.9
3.1.9.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12823.json"