Overview :
In the 3.1.12 Pro version of the Craft CMS web application, the XSS vulnerability has been discovered in the header insertion field when adding source code.
Affected Product(s) :
  • Craft CMS 3.1.12
Vulnerability Details :
CVE ID : CVE-2019-9554
In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI.

Solution :

Upgrade to the Latest version.