Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms craft cms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-23927
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Craftcms Craft Cms
5.4
CVSSv3
CVE-2022-37246
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37251
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37247
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37250
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2020-19626
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote malicious users to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Craftcms Craft Cms 3.1.31
5.4
CVSSv3
CVE-2017-9516
Craft CMS prior to 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Craftcms Craft Cms
1 EDB exploit
5.3
CVSSv3
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
5.3
CVSSv3
CVE-2017-8385
Craft CMS prior to 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »