Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms craft cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2022-28378
Craft CMS prior to 3.7.29 allows XSS.
Craftcms Craft Cms
5
CVSSv2
CVE-2017-8383
Craft CMS prior to 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
Craftcms Craft Cms
5
CVSSv2
CVE-2017-8385
Craft CMS prior to 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Craftcms Craft Cms
4
CVSSv2
CVE-2018-20465
Craft CMS up to and including 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, w...
Craftcms Craft Cms
NA
CVE-2023-31144
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
Craftcms Craft Cms
4.3
CVSSv2
CVE-2019-17496
Craft CMS prior to 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Craftcms Craft Cms
6.8
CVSSv2
CVE-2021-41824
Craft CMS prior to 3.7.14 allows CSV injection.
Craftcms Craft Cms
NA
CVE-2023-33195
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
Craftcms Craft Cms
NA
CVE-2023-33197
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
Craftcms Craft Cms
3.5
CVSSv2
CVE-2017-9516
Craft CMS prior to 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Craftcms Craft Cms
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »