Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craft cms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2019-17496
Craft CMS prior to 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
Craftcms Craft Cms
5
CVSSv2
CVE-2017-8385
Craft CMS prior to 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Craftcms Craft Cms
NA
CVE-2023-41892
Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations prior to 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.
Craftcms Craft Cms
1 Metasploit module
5 Github repositories
NA
CVE-2023-36259
Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows malicious users to execute arbitrary code during user creation.
Craftcms Craft Cms
5
CVSSv2
CVE-2017-8383
Craft CMS prior to 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.
Craftcms Craft Cms
5
CVSSv2
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
NA
CVE-2023-23927
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
Craftcms Craft Cms
5
CVSSv2
CVE-2019-15929
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Craftcms Craft Cms
NA
CVE-2023-36260
An issue exists in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote malicious users to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a...
Craftcms Craft Cms
6.8
CVSSv2
CVE-2022-29933
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Craftcms Craft Cms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4654
CVE-2023-49606
encryption
NULL pointer dereference
CVE-2024-4439
CVE-2024-4649
race condition
CVE-2024-27202
CVE-2024-34566
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »