Vulnerabilities

CVE-2026-25491

by Fred · 09/02/2026

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22.

More information : https://github.com/craftcms/cms/commit/cfd6ba0e2ce1a59a02d75cae6558c4ace1ab8bd4

Similar

Tags: Cybersecurity Alert