43616 matches found
PT-2026-24820
Summary The POST /studiocms api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor do...
Craft CMS 代码注入漏洞
Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS prior to 5.9.9 and 4.17.4 contained a code injection vulnerability. This vulnerability stemmed from the BaseElementSelectConditionRule::getElementIds method, which allowed user input to be passed to th...
CVE-2026-31832
Umbraco is an ASP.NET CMS. From 14.0.0 to before 16.5.1 and 17.2.2, A broken object-level authorization vulnerability exists in a backoffice API endpoint that allows authenticated users to assign domain-related data to content nodes without proper authorization checks. The issue is caused by...
CVE-2026-31833 Umbraco has Stored XSS in UFM Rendering Pipeline via Permissive DOMPurify Attribute Filtering
Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...
CVE-2026-29113
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...
CVE-2026-28495
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
EUVD-2026-10817
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...
CVE-2026-29172
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part column name is passed directly as an array key to orderBy without whitelist...
CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...
CVE-2026-29113
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...
CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...
CVE-2026-29113
Craft CMS prior to versions 4.17.4 and 5.9.7 suffers a CSRF flaw in the preview token endpoint (/actions/preview/create-token). The endpoint accepts an attacker-supplied previewToken without requiring a CSRF token, allowing a logged-in editor to mint a preview token chosen by an attacker. The att...
CVE-2026-29113 Craft has a potential information disclosure vulnerability in preview tokens
Craft is a content management system CMS. Prior to 4.17.4 and 5.9.7, Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an...
CVE-2026-28495
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
CVE-2026-28495 GetSimple CMS has CSRF to Remote Code Execution via Arbitrary PHP Write in gsconfig.php
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
EUVD-2026-10811
GetSimple CMS is a content management system. The massiveAdmin plugin v6.0.3 bundled with GetSimpleCMS-CE v3.3.22 allows an authenticated administrator to overwrite the gsconfig.php configuration file with arbitrary PHP code via the gsconfig editor module. The form lacks CSRF protection, enabling...
EUVD-2026-10812
Craft CMS has a potential information disclosure vulnerability in preview tokens...
GHSA-VG3J-HPM9-8V5V Craft CMS has a potential information disclosure vulnerability in preview tokens
Summary Craft CMS has a CSRF issue in the preview token endpoint at /actions/preview/create-token. The endpoint accepts an attacker-supplied previewToken. Because the action does not require POST and does not enforce a CSRF token, an attacker can force a logged-in victim editor to mint a preview...
Cross-site Request Forgery (CSRF)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create-token process. An attacker can gain unauthorized access to previewed or unpublished content by tricking a logged-in user with active preview...