2 matches found
CVE-2026-50279
Craft CMS (versions 5.0.0-RC1 through 5.9.20) contains an authorization gap in EntriesController::actionSaveEntry where entry-edit checks precede author changes. The code path allows attacker-supplied authors to mutate the authors list when the current user is among the old authors, without re-ru...
CVE-2018-20418
CVE-2018-20418 affects Craft CMS version 3.0.25. The vulnerability is a cross-site scripting (XSS) flaw in how the title is handled when it is saved through the admin action endpoint http://…/admin/actions/entries/save-entry. Saving a new title from the console tab is reported to enable XSS. The ...