CVE-2026-31859 | Craft CMS Return URL setReturnUrl cross site scripting

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability classified as problematic was found in Craft CMS. Affected by this vulnerability is the function setReturnUrl of the component Return URL Handler. Executing a manipulation can lead to cross site scripting.

This vulnerability is registered as CVE-2026-31859. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.

CVE-2026-31859 | Craft CMS Return URL setReturnUrl cross site scripting

Post correlati

CVE-2024-11331 | isee-products-extractor Plugin up to 2.1.3 on WordPress cross site scripting

CVE-2023-6506 | WP 2FA Plugin up to 2.5.0 on WordPress resource injection

CVE-2022-48769 | Linux Kernel up to 5.10.95/5.15.18/5.16.4 efi QueryVariableInfo denial of service

CVE-2024-28091 | Technicolor TC8715D 01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T User Defined Service managed_services_add.asp cross site scripting