Moderate severityNVD Advisory· Published Jan 30, 2024· Updated May 29, 2025

CVE-2023-36259

Description

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
superbig/craft-auditPackagist	< 3.0.2	3.0.2

Affected products

Craft CMS/Audit Plugindescription
ghsa-coords
pkg:composer/superbig/craft-audit
Range: < 3.0.2

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-v89q-c273-3p42ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2023-36259ghsaADVISORY
github.com/sjelfull/craft-audit/commit/c2888aa48457f24696ac0a2ba4f54f39e5c672edghsaWEB
github.com/sjelfull/craft-audit/pull/73ghsaWEB
www.linkedin.com/pulse/threat-briefing-craftcms-amrcybersecurity-emi0e/ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000