Craft Cms Security Vulnerabilities and Issues — Page 2 of Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

57 matches found

CVE•added 2023/06/20 1:15 p.m.•39 views

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

6.1CVSS6.1AI score0.00181EPSS

CVE•added 2017/04/22 1:59 a.m.•36 views

CVE-2017-8052

Craft CMS before 2.6.2974 allows XSS attacks.

6.1CVSS5.8AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•35 views

CVE-2017-8384

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.

6.1CVSS6AI score0.00353EPSS

CVE•added 2017/05/01 6:59 a.m.•35 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

5.3CVSS5.2AI score0.00284EPSS

CVE•added 2021/03/26 3:15 p.m.•33 views

CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

5.4CVSS5.2AI score0.00232EPSS

CVE•added 2025/08/09 2:15 a.m.•18 views

CVE-2025-54417

Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requiremen...

8.8CVSS9.6AI score0.03622EPSS

CVE•added 2025/08/25 6:15 p.m.•9 views

CVE-2025-57811

Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in vers...

8.6CVSS7.1AI score0.04524EPSS

Total number of security vulnerabilities57