CVE-2026-25491

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft CMS. Versions 5.0.0-RC1 to 5.8.21 of Craft CMS have a cross-site scripting vulnerability. This vulnerability stems from uncleaned entry type names, which may lead to storage-based cross-site scripting attacks...

PT-2026-7138

Craft is a platform for creating digital experiences. From 5.0.0-RC1 to 5.8.21, Craft has a stored XSS via Entry Type names. The name is not sanitized when displayed in the Entry Types list. This vulnerability is fixed in 5.8.22...

CraftCMS 路径遍历漏洞

CraftCMS is a content management system from CraftCMS, Inc. A path traversal vulnerability exists in CraftCMS versions 5.0.0-RC1 through 5.4.5.1 and 4.0.0-RC1 through 4.12.4.1, which stems from a vulnerability that could allow an attacker to inject a payload to remotely execute code by bypassing...