Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
craft cms vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2021-32470
Craft CMS prior to 3.6.13 has an XSS vulnerability.
516
VMScore
CVE-2020-13486
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows malicious redirection.
Verbb Knock Knock
312
VMScore
CVE-2020-9311
In SilverStripe up to and including 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.
Silverstripe Silverstripe
383
VMScore
CVE-2020-13868
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. CSRF affects comment integrity.
Verbb Comments
570
VMScore
CVE-2020-13485
The Knock Knock plugin prior to 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
Verbb Knock Knock
312
VMScore
CVE-2020-13869
An issue exists in the Comments plugin prior to 1.5.6 for Craft CMS. There is stored XSS via a guest name.
Verbb Comments
312
VMScore
CVE-2020-13870
An issue exists in the Comments plugin prior to 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
Verbb Comments
312
VMScore
CVE-2020-13459
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
Verbb Image Resizer
605
VMScore
CVE-2020-13458
An issue exists in the Image Resizer plugin prior to 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
Verbb Image Resizer
668
VMScore
CVE-2021-41749
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated malicious users to perform a Server-Side Template Injection, allowing for remote code execution.
Nystudio107 Seomatic
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
HTML injection
CVE-2024-35894
SQL
CVE-2024-5105
CVE-2014-100005
CVE-2024-35895
unauthorized
CVE-2024-22120
CVE-2024-35890
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »