[craftcms/cms] XSS Injection Vulnerability

Impact

Under some circumstances, the Feeds widget on the dashboard could have an XSS vulnerability if a malformed feed was supplied.

Patches

This has been patched in Craft 3.7.29.

References

• https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#3729—2022-01-18

For more information

If you have any questions or comments about this advisory, email us at support@craftcms.com

Credits: https://github.com/noobpk

References

• https://github.com/craftcms/cms/security/advisories/GHSA-wf98-vxv9-jqfv
• https://github.com/advisories/GHSA-wf98-vxv9-jqfv