Craft Cms Security Vulnerabilities and Issues — Page 2 of Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

55 matches found

CVE•added 2023/06/20 1:15 p.m.•38 views

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

6.1CVSS6.1AI score0.00181EPSS

CVE•added 2017/04/22 1:59 a.m.•35 views

CVE-2017-8052

Craft CMS before 2.6.2974 allows XSS attacks.

6.1CVSS5.8AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•34 views

CVE-2017-8384

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.

6.1CVSS6AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•34 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

5.3CVSS5.2AI score0.00284EPSS

CVE•added 2021/03/26 3:15 p.m.•32 views

CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

5.4CVSS5.2AI score0.00232EPSS

Total number of security vulnerabilities55