Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2017-8384
Craft CMS prior to 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.
Craftcms Craft Cms
5.3
CVSSv3
CVE-2017-8385
Craft CMS prior to 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Craftcms Craft Cms
5.4
CVSSv3
CVE-2017-9516
Craft CMS prior to 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Craftcms Craft Cms
1 EDB exploit
6.1
CVSSv3
CVE-2021-27902
An issue exists in Craft CMS prior to 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Craftcms Craft Cms
9.8
CVSSv3
CVE-2021-27903
An issue exists in Craft CMS prior to 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Craftcms Craft Cms
6.1
CVSSv3
CVE-2019-17496
Craft CMS prior to 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Craftcms Craft Cms
7.2
CVSSv3
CVE-2018-20465
Craft CMS up to and including 3.0.34 allows remote authenticated administrators to read sensitive information via server-side template injection, as demonstrated by a {% string for craft.app.config.DB.user and craft.app.config.DB.password in the URI Format of the Site Settings, w...
Craftcms Craft Cms
8.8
CVSSv3
CVE-2021-41824
Craft CMS prior to 3.7.14 allows CSV injection.
Craftcms Craft Cms
6.1
CVSSv3
CVE-2017-8052
Craft CMS prior to 2.6.2974 allows XSS attacks.
Craftcms Craft Cms
7.5
CVSSv3
CVE-2022-37783
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Reque...
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »