Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms craft cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33495
Craft CMS up to and including 4.4.9 is vulnerable to HTML Injection.
Craftcms Craft Cms
NA
CVE-2023-2817
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries...
Craftcms Craft Cms
NA
CVE-2023-23927
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Craftcms Craft Cms
5
CVSSv2
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
6.8
CVSSv2
CVE-2022-29933
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Craftcms Craft Cms
NA
CVE-2023-36259
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows malicious users to execute arbitrary code during user creation.
Craftcms Craft Cms
NA
CVE-2023-36260
An issue exists in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote malicious users to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a...
Craftcms Craft Cms
NA
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
5
CVSSv2
CVE-2019-15929
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Craftcms Craft Cms
7.5
CVSSv2
CVE-2020-9757
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Craftcms Craft Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »