{"id":"CVE-2019-10646","details":"Wolf CMS v0.8.3.1 is affected by cross site scripting (XSS) in the module Add Snippet (/?/admin/snippet/add). This allows an attacker to insert arbitrary JavaScript as user input, which will be executed whenever the affected snippet is loaded.","modified":"2026-03-14T09:31:43.045796Z","published":"2019-03-30T03:29:00.300Z","references":[{"type":"EVIDENCE","url":"https://github.com/wolfcms/wolfcms/issues/682"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wolfcms/wolfcms","events":[{"introduced":"0"},{"last_affected":"1b5a6c701b781a632e1364d6865946ee94a9002a"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.8.3.1"}]}}],"versions":["0.7.0","0.7.1","0.7.2","0.7.3","0.7.5","0.7.5-sp1","0.7.6","0.7.7","0.7.8","0.8.0","0.8.1","0.8.2","0.8.3","0.8.3.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10646.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}