Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-2817
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries...
Craftcms Craft Cms
8.8
CVSSv3
CVE-2024-21622
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x before 3.9.6 and 4.x before 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. User...
Craftcms Craft Cms
7.2
CVSSv3
CVE-2023-32679
Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplat...
Craftcms Craft Cms
6.1
CVSSv3
CVE-2019-12823
Craft CMS prior to 3.1.31 does not properly filter XML feeds and thus allowing XSS.
Craftcms Craft Cms
9.8
CVSSv3
CVE-2020-9757
The SEOmatic component prior to 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
Craftcms Craft Cms
5.3
CVSSv3
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
9.8
CVSSv3
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
5.4
CVSSv3
CVE-2023-36259
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows malicious users to execute arbitrary code during user creation.
Craftcms Craft Cms
7.5
CVSSv3
CVE-2023-36260
An issue exists in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote malicious users to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a...
Craftcms Craft Cms
9.8
CVSSv3
CVE-2019-15929
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »