
4 matches found

vulnersOsv
added 2023/08/03 6:30 p.m., 2 views

org.craftercms:crafter-studio (>=3.1.0 <=3.1.27E) potentially affected by CVE-2023-4136 via org.craftercms:crafter-engine (>=3.1.0 <=3.1.27E)

org.craftercms:crafter-engine MAVEN version =3.1.0, =3.1.0, =3.1.27E Source cves: CVE-2023-4136 Source advisory: OSV:GHSA-JFM4-3VV3-FM4V...

CVSS: 7.4, AI score: 6.7, EPSS: 0.01304
Exploits: 2

vulnersOsv
added 2023/08/03 6:30 p.m., 2 views

org.craftercms:crafter-studio (>=4.0.1 <=4.0.2) potentially affected by CVE-2023-4136 via org.craftercms:crafter-engine (>=4.0.1 <=4.0.2)

org.craftercms:crafter-engine MAVEN version =4.0.1, =4.0.1, =4.0.2 Source cves: CVE-2023-4136 Source advisory: OSV:GHSA-JFM4-3VV3-FM4V...

CVSS: 7.4, AI score: 6.7, EPSS: 0.01304
Exploits: 2

Snyk
added 2023/08/03 6:30 p.m., 1 view

Cross-site Scripting (XSS)

Overview: org.craftercms:crafter-engine is a Crafter Content Delivery Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via API endpoints that reflect some input parameter and do produce XML responses. An attacker can inject malicious scripts by sending crafted...

CVSS: 7.4, AI score: 5.3, EPSS: 0.01304
Exploits: 2, References: 2

Cvelist
added 2021/12/02 3:40 p.m., 13 views

CVE-2021-23263 Transmission of Private Resources into a New Sphere ('Resource Leak') in Crafter Engine

Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/, /templates/ and some of the files in /.git/ non-binary...

CVSS: 5.9, AI score: 7.7, EPSS: 0.01581
Exploits: 0, References: 1