Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user...
5.4CVSS
6.8AI Score
0.0005EPSS
An issue was discovered in the Feed Me plugin 4.6.1 for Craft CMS. It allows remote attackers to cause a denial of service (DoS) via crafted strings to Feed-Me Name and Feed-Me URL fields, due to saving a feed using an Asset element type with no volume selected. NOTE: this is not a report about...
7.5CVSS
7.5AI Score
0.001EPSS
6.1CVSS
6.1AI Score
0.001EPSS
CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only...
7.2CVSS
7.2AI Score
0.002EPSS
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages...
5.4CVSS
5.1AI Score
0.001EPSS
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section...
8.8CVSS
8.8AI Score
0.005EPSS
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume...
6.1CVSS
6.2AI Score
0.0005EPSS
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery...
7.5CVSS
7.5AI Score
0.002EPSS
Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label:...
5.4CVSS
5.3AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields...
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS
5.4CVSS
5.2AI Score
0.001EPSS