Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftercms crafter cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-15682
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.
Craftercms Crafter Cms
5
CVSSv2
CVE-2017-15685
Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Craftercms Crafter Cms
6.4
CVSSv2
CVE-2017-15680
In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated malicious users to view and modify administrative data.
Craftercms Crafter Cms
5
CVSSv2
CVE-2017-15684
Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated malicious users to view files from the operating system.
Craftercms Crafter Cms
4.3
CVSSv2
CVE-2017-15686
Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote malicious users to steal users’ cookies.
Craftercms Crafter Cms
NA
CVE-2022-40634
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.
Craftercms Crafter Cms
1 Github repository
NA
CVE-2022-40635
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.
Craftercms Crafter Cms
1 Github repository
4
CVSSv2
CVE-2021-23265
A logged-in and authenticated user with a Reviewer Role may lock a content item.
Craftercms Crafter Cms
7.5
CVSSv2
CVE-2017-15681
In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated malicious users to overwrite files from the operating system which can lead to RCE.
Craftercms Crafter Cms
5
CVSSv2
CVE-2017-15683
In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.
Craftercms Crafter Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »