Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
magnolia-cms magnolia cms vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2021-46363
An issue in the Export function of Magnolia v6.2.3 and below allows malicious users to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Exc...
Magnolia-cms Magnolia Cms
1 Github repository
7.5
CVSSv2
CVE-2021-46361
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows malicious users to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.
Magnolia-cms Magnolia Cms
1 Github repository
7.5
CVSSv2
CVE-2021-46362
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows malicious users to execute arbitrary code via a crafted payload entered into the fullname parameter.
Magnolia-cms Magnolia Cms
1 Github repository
7.5
CVSSv2
CVE-2013-4621
Magnolia CMS prior to 4.5.9 has multiple access bypass vulnerabilities
Magdevgroup Magnolia Cms
6.8
CVSSv2
CVE-2021-46365
An issue in the Export function of Magnolia v6.2.3 and below allows malicious users to execute XML External Entity attacks via a crafted XLF file.
Magnolia-cms Magnolia Cms
1 Github repository
6.8
CVSSv2
CVE-2021-46364
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows malicious users to execute arbitrary code via a crafted YAML file.
Magnolia-cms Magnolia Cms
1 Github repository
6.8
CVSSv2
CVE-2021-46366
An issue in the Login page of Magnolia CMS v6.2.3 and below allows malicious users to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.
Magnolia-cms Magnolia Cms
1 Github repository
4.3
CVSSv2
CVE-2022-33098
Magnolia CMS v6.2.19 exists to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Magnolia-cms Magnolia Cms 6.2.19
1 Github repository
4.3
CVSSv2
CVE-2021-25894
Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.
Magnolia-cms Magnolia Cms
4.3
CVSSv2
CVE-2013-4759
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x prior to 1.4.7 and 2.x prior to 2.0.2 for Magnolia CMS allow remote malicious users to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPub...
Magnolia-cms Magnolia Form Module 1.4
Magnolia-cms Magnolia Form Module 1.4.1
Magnolia-cms Magnolia Form Module 1.4.2
Magnolia-cms Magnolia Form Module 1.4.3
Magnolia-cms Magnolia Form Module 1.4.4
Magnolia-cms Magnolia Form Module 1.4.5
Magnolia-cms Magnolia Form Module 1.4.6
Magnolia-cms Magnolia Form Module 2.0
Magnolia-cms Magnolia Form Module 2.0.1
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-6267
XML injection
CVE-2024-37673
CVE-2024-6266
CVE-2024-30078
arbitrary
CVE-2024-36886
CVE-2024-5346
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »