Lucene search
CraftcmsCraft Cms
2 matches found
CVE-2019-17496
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
6.1CVSS5.8AI score0.00328EPSS
CVE-2019-15929
In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them.
9.8CVSS9.4AI score0.00358EPSS