CrafterCMS Engine - Cross-Site Scripting
CrafterCMS Engine is vulnerable to reflected cross-site scripting (XSS) via the transformerName parameter of the /api/1/site/url/transform endpoint, allowing attackers to execute arbitrary JavaScript in the browser of a user who follows a crafted link. id: CVE-2023-4136 info: name: CrafterCMS Engine - Cross-Site Scripting...
Improper Control of Dynamically-Managed Code Resources
Overview: Affected versions of this package are vulnerable to Improper Control of Dynamically-Managed Code Resources via the Groovy Sandbox. An attacker can execute arbitrary operating system commands by injecting malicious Groovy elements to bypass sandbox restrictions. Remediation: Upgrade...
CrafterCMS security vulnerability
CrafterCMS is a Java-based CMS developed by CrafterCMS Inc. A security vulnerability in CrafterCMS stems from improper control over dynamically managed code resources. It allows authenticated developers to bypass the Groovy sandbox restrictions and execute OS commands...
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27...
Directory Traversal
org.craftercms, crafter-studio is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs, which allows an unauthenticated attacker to overwrite arbitrary files on the operating system via crafted path traversal sequences (for example, ../ segments in a user-supplied path), potentially leading to Remo...
EUVD-2025-1722
Malicious code in bioql PyPI...
Exploit for CVE-2025-6384
CrafterCMS Groovy RCE -...
Remote Code Execution (RCE)
CrafterCMS is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper control of dynamically-managed code resources: a Groovy Sandbox bypass allows authenticated developers to execute OS commands...
CVE-2025-6384
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...
CVE-2025-6384 Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...
CVE-2025-6384
CrafterCMS Crafter Studio is affected by CVE-2025-6384 (versions 4.0.0–4.2.2). The issue is an Improper Control of Dynamically-Managed Code Resources that allows authenticated developers to bypass the Groovy sandbox, enabling remote code execution (RCE) by injecting malicious Groovy elements. The...
PT-2025-26243
Name of the Vulnerable Software and Affected Versions: CrafterCMS versions 4.0.0 through 4.2.2. Description: An issue exists in Crafter Studio of CrafterCMS that allows authenticated developers to execute operating system commands. This is due to improper control of dynamically-managed code resource...
CrafterCMS security vulnerability
CrafterCMS is a Java-based CMS from CrafterCMS, Inc. A security vulnerability exists in CrafterCMS versions 4.0.0 through 4.2.2 that stems from a Groovy sandbox bypass, which lets authenticated developers execute OS commands...
CVE-2025-0502
Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6...
CVE-2025-0502 Transmission of Private Resources into a New Sphere in Crafter Engine
Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure. This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6...
CVE-2025-0502
The CVE-2025-0502 entry concerns CrafterCMS Engine with a Resource Leak vulnerability that enables directory indexing and exposure of private resources. Affected versions are CrafterCMS 4.0.0–4.0.7 and 4.1.0–4.1.5 on Linux, macOS, Windows (x86/64-bit, ARM). Root cause is a Resource Leak that perm...
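The entries above give affected-version ranges for three of the CrafterCMS CVEs (CVE-2023-4136, CVE-2025-6384, CVE-2025-0502). The following Python script, added here as an example and not code from CrafterCMS or any of the advisory sources, encodes exactly the ranges quoted in those snippets and reports which of the three apply to a given version string. Since several snippets are truncated with "...", an advisory may list further ranges that are not encoded; a negative result therefore means "not in the ranges visible here", not "unaffected". The helper names (`parse_version`, `affected_cves`) and the sample versions in the usage block are this example's own.

```python
"""Check a CrafterCMS version string against the affected-version ranges
quoted in the advisory snippets listed above (example code, not the
project's own; ranges are copied from the page, which truncates some
advisories, so they may be incomplete).
"""

import sys
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """Turn '4.1.6' (or '4.1.6-SNAPSHOT') into a comparable tuple of ints.

    A '-qualifier' suffix is dropped and missing components are padded
    with 0, so '4.1' compares as (4, 1, 0). Assumption: the advisories
    compare only the numeric x.y.z part, as their quoted ranges do.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


# (low, high, high_inclusive) per CVE, straight from the page's snippets:
#   CVE-2023-4136: "from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27"
#   CVE-2025-6384: "versions 4.0.0 through 4.2.2"
#   CVE-2025-0502: "from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6"
# "through" is an inclusive upper bound, "before" an exclusive one.
AFFECTED: Dict[str, List[Tuple[Version, Version, bool]]] = {
    "CVE-2023-4136": [((3, 1, 0), (3, 1, 27), True), ((4, 0, 0), (4, 0, 2), True)],
    "CVE-2025-6384": [((4, 0, 0), (4, 2, 2), True)],
    "CVE-2025-0502": [((4, 0, 0), (4, 0, 8), False), ((4, 1, 0), (4, 1, 6), False)],
}


def in_range(v: Version, low: Version, high: Version, high_inclusive: bool) -> bool:
    """Tuple comparison is component-wise, so (4, 0, 10) > (4, 0, 9) as intended
    (a plain string comparison would get this wrong)."""
    if v < low:
        return False
    return v <= high if high_inclusive else v < high


def affected_cves(version_text: str) -> List[str]:
    """Return the CVE IDs (sorted) whose quoted ranges contain this version."""
    v = parse_version(version_text)
    hits = [
        cve
        for cve, ranges in AFFECTED.items()
        if any(in_range(v, lo, hi, incl) for lo, hi, incl in ranges)
    ]
    return sorted(hits)


if __name__ == "__main__":
    # Sample versions are constructed for illustration; pass your own as arguments.
    for arg in sys.argv[1:] or ["4.0.1", "4.1.6", "4.2.3"]:
        cves = affected_cves(arg)
        print(f"{arg}: {', '.join(cves) if cves else 'no match in the ranges quoted here'}")
```

Note the boundary cases: 4.1.6 is the first release outside the CVE-2025-0502 range ("before 4.1.6") but still inside the CVE-2025-6384 range ("through 4.2.2"), so it is reported only for the latter. When an advisory's range list is truncated on this page, check the full advisory before concluding a version is clean.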