CVE-2017-8384
CVE-2017-8384
Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →