An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
References:GSA_kwCzR0hTQS1wN3JtLWdoOWctNWZyOM4AAkx_
Image Resizer Cross-site Scripting (XSS) in the Bulk Resize action
| Affected Packages | Affected Versions | Fixed Versions | |
|---|---|---|---|
| packagist:verbb/image-resizer | < 2.0.9 | 2.0.9 | |
Affected Version RangesAll affected versions2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8 All unaffected versions2.0.9, 2.0.10, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, 3.0.12, 3.0.13, 3.0.14, 4.0.0, 4.0.1, 4.0.2, 4.0.3 |
|||