2 matches found
Cross-site Request Forgery (CSRF)
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the create-token process. An attacker can gain unauthorized access to previewed or unpublished content by tricking a logged-in user with active preview...
EUVD-2026-10812
Craft CMS has a potential information disclosure vulnerability in preview tokens...