Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craft cms vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-32470
Craft CMS prior to 3.6.13 has an XSS vulnerability.
6.1
CVSSv3
CVE-2020-13486
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows malicious redirection.
Verbb Knock Knock
5.4
CVSSv3
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
6.5
CVSSv3
CVE-2020-13868
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. CSRF affects comment integrity.
Verbb Comments
9.1
CVSSv3
CVE-2020-13485
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
Verbb Knock Knock
5.4
CVSSv3
CVE-2020-13869
An issue exists in the Comments plugin prior to 1.5.6 for Craft CMS. There is stored XSS via a guest name.
Verbb Comments
5.4
CVSSv3
CVE-2020-13870
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
Verbb Comments
5.4
CVSSv3
CVE-2020-13459
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Verbb Image Resizer
8.8
CVSSv3
CVE-2020-13458
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
Verbb Image Resizer
9.8
CVSSv3
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated malicious users to perform a Server-Side Template Injection, allowing for remote code execution.
Nystudio107 Seomatic
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »