Lucene search

11 matches found

CVE
added 2023/09/13 8:15 p.m. | 176 views

CVE-2023-41892

Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.

CVSS 10 | AI score 9.3 | EPSS 0.9376

CVE
added 2023/08/23 9:15 p.m. | 80 views

CVE-2023-40035

Craft is a CMS for creating custom digital experiences on the web and beyond. Bypassing the validatePath function can lead to potential remote code execution. This vulnerability can lead to malicious control of vulnerable systems and data exfiltrations. Although the vulnerability is exploitable onl...

CVSS 7.2 | AI score 7.3 | EPSS 0.00379

CVE
added 2023/05/09 4:15 p.m. | 66 views

CVE-2023-31144

Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.

CVSS 6.1 | AI score 5.8 | EPSS 0.00455

CVE
added 2023/03/03 10:15 p.m. | 63 views

CVE-2023-23927

Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, a cross-site scripting (XSS) issue occurs in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.

CVSS 6.1 | AI score 5.5 | EPSS 0.10791

CVE
added 2023/05/19 8:15 p.m. | 63 views

CVE-2023-32679

Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not an empty string ('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal...

CVSS 7.2 | AI score 7.5 | EPSS 0.23653

CVE
added 2023/05/26 5:15 p.m. | 56 views

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions

CVSS 5.4 | AI score 5 | EPSS 0.00155

CVE
added 2023/05/26 8:15 p.m. | 48 views

CVE-2023-33197

Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.

CVSS 5.5 | AI score 5.4 | EPSS 0.00298

CVE
added 2023/05/26 9:15 p.m. | 45 views

CVE-2023-33196

Craft is a CMS for creating custom digital experiences. Cross-site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

CVSS 5.5 | AI score 5.3 | EPSS 0.00075

CVE
added 2023/05/27 4:15 a.m. | 44 views

CVE-2023-33195

Craft is a CMS for creating custom digital experiences on the web. A malformed RSS feed can deliver an XSS payload. This issue was patched in version 4.4.6.

CVSS 6.1 | AI score 5.4 | EPSS 0.0055

CVE
added 2023/05/26 9:15 p.m. | 41 views

CVE-2023-33194

Craft is a CMS for creating custom digital experiences on the web. The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Old CVE fixed the XSS in label HTML but didn’t fix it when clicking save. This issue was patched in versio...

CVSS 4.8 | AI score 4.4 | EPSS 0.00045

CVE
added 2023/06/20 1:15 p.m. | 38 views

CVE-2023-33495

Craft CMS through 4.4.9 is vulnerable to HTML Injection.

CVSS 6.1 | AI score 6.1 | EPSS 0.00181