Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craft cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-27902
An issue exists in Craft CMS prior to 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Craftcms Craft Cms
7.5
CVSSv2
CVE-2021-27903
An issue exists in Craft CMS prior to 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Craftcms Craft Cms
6.8
CVSSv2
CVE-2021-41824
Craft CMS prior to 3.7.14 allows CSV injection.
Craftcms Craft Cms
NA
CVE-2023-31144
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Craftcms Craft Cms
4.3
CVSSv2
CVE-2019-12823
Craft CMS prior to 3.1.31 does not properly filter XML feeds and thus allowing XSS.
Craftcms Craft Cms
NA
CVE-2023-33195
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
Craftcms Craft Cms
4.3
CVSSv2
CVE-2017-8052
Craft CMS prior to 2.6.2974 allows XSS attacks.
Craftcms Craft Cms
4
CVSSv2
CVE-2018-20465
Craft CMS up to and including 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, w...
Craftcms Craft Cms
5
CVSSv2
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
NA
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Reque...
Craftcms Craft Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »