Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craft cms vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2017-8385
Craft CMS prior to 2.6.2976 does not prevent modification of the URL in a forgot-password email message.
Craftcms Craft Cms
6.1
CVSSv3
CVE-2022-28378
Craft CMS prior to 3.7.29 allows XSS.
Craftcms Craft Cms
5.3
CVSSv3
CVE-2019-14280
In some circumstances, Craft 2 prior to 2.7.10 and 3 prior to 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.
Craftcms Craft Cms
1 EDB exploit
8.8
CVSSv3
CVE-2022-29933
Craft CMS up to and including 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality....
Craftcms Craft Cms
6.1
CVSSv3
CVE-2017-8052
Craft CMS prior to 2.6.2974 allows XSS attacks.
Craftcms Craft Cms
9.8
CVSSv3
CVE-2019-15929
In Craft CMS up to and including 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
Craftcms Craft Cms
6.1
CVSSv3
CVE-2021-27902
An issue exists in Craft CMS prior to 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads.
Craftcms Craft Cms
9.8
CVSSv3
CVE-2021-27903
An issue exists in Craft CMS prior to 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session).
Craftcms Craft Cms
6.1
CVSSv3
CVE-2023-33195
Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.
Craftcms Craft Cms
5.4
CVSSv3
CVE-2023-33197
Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.
Craftcms Craft Cms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
brute force
CVE-2024-24908
open redirect
CVE-2024-31497
CVE-2023-45866
CVE-2024-4135
CVE-2024-25523
cache poisoning
CVE-2024-4649
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »