Craft Cms@3.7.59 Security Vulnerabilities and Issues — Craft Cms@3.7.59 CVE List

Lucene search

CraftcmsCraft Cms3.7.59

2 matches found

CVE•added 2023/04/25 6:15 p.m.•57 views

CVE-2023-30177

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.

6.1CVSS6.1AI score0.00098EPSS

CVE•added 2023/06/13 5:15 p.m.•49 views

CVE-2023-30179

CraftCMS version 3.7.59 is vulnerable to Server-Side Template Injection (SSTI). An authenticated attacker can inject Twig Template to User Photo Location field when setting User Photo Location in User Settings, lead to Remote Code Execution. NOTE: the vendor disputes this because only Administrator...

7.2CVSS7.2AI score0.0381EPSS