Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
CraftcmsCraft Cms*

5 matches found

CVE
CVEadded 2017/06/08 1:29 p.m.41 views

CVE-2017-9516

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

5.4CVSS5.2AI score0.00895EPSS
CVE
CVEadded 2017/05/01 6:59 a.m.38 views

CVE-2017-8383

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.

5.3CVSS5.2AI score0.00316EPSS
CVE
CVEadded 2017/04/22 1:59 a.m.35 views

CVE-2017-8052

Craft CMS before 2.6.2974 allows XSS attacks.

6.1CVSS5.8AI score0.00353EPSS
CVE
CVEadded 2017/05/01 6:59 a.m.34 views

CVE-2017-8384

Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. NOTE: this vulnerability exists because of an incomplete fix for CVE-2017-8052.

6.1CVSS6AI score0.00353EPSS
CVE
CVEadded 2017/05/01 6:59 a.m.34 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

5.3CVSS5.2AI score0.00284EPSS