Craft Cms@* Security Vulnerabilities and Issues — Craft Cms@* CVE List

Lucene search

CraftcmsCraft Cms*

4 matches found

CVE•added 2019/07/26 4:15 a.m.•297 views

CVE-2019-14280

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

5.3CVSS5.1AI score0.15895EPSS

CVE•added 2019/10/11 12:15 a.m.•136 views

CVE-2019-17496

Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.

6.1CVSS5.8AI score0.00328EPSS

CVE•added 2019/10/24 4:15 p.m.•86 views

CVE-2019-15929

In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.

9.8CVSS9.4AI score0.00358EPSS

CVE•added 2019/06/18 1:15 p.m.•50 views

CVE-2019-12823

Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS.

6.1CVSS6.3AI score0.00212EPSS