9 matches found
CrafterCMS 4.0.2 Cross Site Scripting Vulnerability
--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...
CrafterCMS 4.0.2 Cross Site Scripting
--------------------------------------------------------------------------- CrafterCMS = 4.0.2 Multiple Reflected Cross-Site Scripting Vulnerabilities --------------------------------------------------------------------------- - Software Link: https://craftercms.org - Affected Versions: Version...
CVE-2023-4136
creationtimestamp| type| source ---|---|--- 2023-08-03 18:40:02+00:00| seen| https://t.me/cibsecurity/67683 2025-06-02 16:52:14+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2023/CVE-2023-4136.yaml 2025-06-04 21:02:24+00:00| seen|...
org.craftercms:crafter-studio (>=4.0.1 <=4.0.2) potentially affected by CVE-2023-4136 via org.craftercms:crafter-engine (>=4.0.1 <=4.0.2)
org.craftercms:crafter-engine MAVEN version =4.0.1, =4.0.1, =4.0.2 Source cves: CVE-2023-4136 Source advisory: SNYK:JAVA-ORGCRAFTERCMS-8722255...
org.craftercms:crafter-studio (>=4.0.1 <=4.0.2) potentially affected by CVE-2023-4136 via org.craftercms:crafter-engine (>=4.0.1 <=4.0.2)
org.craftercms:crafter-engine MAVEN version =4.0.1, =4.0.1, =4.0.2 Source cves: CVE-2023-4136 Source advisory: OSV:GHSA-JFM4-3VV3-FM4V...
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27...
CVE-2023-4136
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27...
CVE-2023-4136 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27...
CVE-2023-4136
CrafterCMS Engine is vulnerable to reflected XSS (CVE-2023-4136). The nuclei template shows exploitation via the transformerName parameter in the /api/1/site/url/transform endpoint, enabling an unauthenticated attacker to inject arbitrary JavaScript in the user context and potentially steal crede...