4 matches found
CVE-2026-41129
Craft CMS is a content management system CMS. Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a few permissions to be enabled in the used GraphQL schema: "Edit assets in the volume" and "Create...
Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation
The Craft CMS GraphQL saveAsset mutation is vulnerable to Server-Side Request Forgery SSRF. This vulnerability arises because the file input, specifically its url parameter, allows the server to fetch content from arbitrary remote locations without proper validation. Attackers can exploit this by...
CVE-2016-7884
Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks...
CVE-2016-7884
Adobe Experience Manager (AEM) versions 6.1 and earlier are affected by an input validation issue in the DAM create assets flow that could enable cross-site scripting. The problem is described in the CVE entry as an input validation flaw leading to XSS. The connected documents confirm the affecte...