Craft Cms Security Vulnerabilities and Issues — Page 2 of Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

56 matches found

CVE•added 2023/06/20 1:15 p.m.•38 views

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

6.1CVSS6.1AI score0.00181EPSS

CVE•added 2017/04/22 1:59 a.m.•35 views

CVE-2017-8052

Craft CMS before 2.6.2974 allows XSS attacks.

6.1CVSS5.8AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•34 views

CVE-2017-8384

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.

6.1CVSS6AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•34 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

5.3CVSS5.2AI score0.00284EPSS

CVE•added 2021/03/26 3:15 p.m.•32 views

CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

5.4CVSS5.2AI score0.00232EPSS

CVE•added 6 days ago•13 views

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requiremen...

7.7CVSS9.6AI score0.05173EPSS

Total number of security vulnerabilities56