Craft CMS Security Vulnerabilities


CVE-2023-36259

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user...

5.4 CVSS

6.8 AI Score

0.0005 EPSS

2024-01-30 09:15 AM

CVE-2023-36260

An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...

7.5 CVSS

7.5 AI Score

0.001 EPSS

2024-01-30 09:15 AM

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML...

6.1 CVSS

6.1 AI Score

0.001 EPSS

2023-06-20 01:15 PM

CVE-2023-30179

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject a Twig template into the User Photo Location field when setting User Photo Location in User Settings, leading to Remote Code Execution. NOTE: the vendor disputes this because only...

7.2 CVSS

7.2 AI Score

0.002 EPSS

2023-06-13 05:15 PM

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags, can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages...

5.4 CVSS

5.1 AI Score

0.001 EPSS

2023-05-26 05:15 PM

CVE-2023-30130

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section...

8.8 CVSS

8.8 AI Score

0.005 EPSS

2023-05-12 11:15 AM

CVE-2023-30177

CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker can inject JavaScript code into Volume...

6.1 CVSS

6.2 AI Score

0.0005 EPSS

2023-04-25 06:15 PM

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their e-mail address or username in anti-CSRF tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and an HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2022-12-05 09:15 PM

CVE-2022-37246

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js, specifically on the line label:...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-09-21 03:15 PM

CVE-2022-37251

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via...

5.4 CVSS

5.3 AI Score

0.001 EPSS

2022-09-16 10:15 PM

CVE-2022-37247

Craft CMS 4.2.0.1 is vulnerable to a stored cross-site scripting (XSS) via /admin/settings/fields...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-09-16 10:15 PM

CVE-2022-37248

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-09-16 04:15 PM

CVE-2022-37250

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in...

5.4 CVSS

5.2 AI Score

0.001 EPSS

2022-09-16 03:15 PM