Site icon API Security Blog

CrafterCMS Engine – Cross-Site Scripting

Victor Test

image
CrafterCMS Engine is vulnerable to reflected cross-site scripting (XSS) via the transformerName parameter in the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the context of the…Read More

Exit mobile version