Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craftcms craft cms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2023-23927
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Craftcms Craft Cms
5.4
CVSSv3
CVE-2022-37246
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37247
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37251
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37248
Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2022-37250
Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.
Craftcms Craft Cms 4.2.0.1
5.4
CVSSv3
CVE-2020-19626
Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote malicious users to inject arbitrary web script or HTML, via /admin/settings/sites/new.
Craftcms Craft Cms 3.1.31
5.4
CVSSv3
CVE-2017-9516
Craft CMS prior to 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
Craftcms Craft Cms
1 EDB exploit
5.3
CVSSv3
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
5.3
CVSSv3
CVE-2017-8383
Craft CMS prior to 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »