Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magnolia-cms magnolia cms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-46361
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows malicious users to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Magnolia-cms Magnolia Cms
1 Github repository
9.8
CVSSv3
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows malicious users to execute arbitrary code via a crafted payload entered into the fullname parameter.
Magnolia-cms Magnolia Cms
1 Github repository
9.8
CVSSv3
CVE-2013-4621
Magnolia CMS prior to 4.5.9 has multiple access bypass vulnerabilities
Magdevgroup Magnolia Cms
8.8
CVSSv3
CVE-2021-46366
An issue in the Login page of Magnolia CMS v6.2.3 and below allows malicious users to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
Magnolia-cms Magnolia Cms
1 Github repository
7.8
CVSSv3
CVE-2021-46364
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows malicious users to execute arbitrary code via a crafted YAML file.
Magnolia-cms Magnolia Cms
1 Github repository
7.8
CVSSv3
CVE-2021-46365
An issue in the Export function of Magnolia v6.2.3 and below allows malicious users to execute XML External Entity attacks via a crafted XLF file.
Magnolia-cms Magnolia Cms
1 Github repository
7.8
CVSSv3
CVE-2021-46363
An issue in the Export function of Magnolia v6.2.3 and below allows malicious users to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Exc...
Magnolia-cms Magnolia Cms
1 Github repository
6.1
CVSSv3
CVE-2022-33098
Magnolia CMS v6.2.19 exists to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Magnolia-cms Magnolia Cms 6.2.19
1 Github repository
6.1
CVSSv3
CVE-2021-25894
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
5.4
CVSSv3
CVE-2021-25893
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »