PKSA-ht16-h36v-hxc7 Security Advisory
-
[MEDIUM] Craft CMS stores arbitrary content provided by unauthenticated users in session files
PKSA-ht16-h36v-hxc7 CVE-2025-35939 GHSA-7vrx-9684-xrf2
Affected package: craftcms/cms
Affected version: <4.15.3|>=5.0.0-alpha.1,<5.7.5
Reported by:
GitHub