Craft Cms Security Vulnerabilities and Issues — Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

15 matches found

CVE•added 2019/07/26 4:15 a.m.•297 views

CVE-2019-14280

In some circumstances, Craft 2 before 2.7.10 and 3 before 3.2.6 wasn't stripping EXIF data from user-uploaded images when it was configured to do so, potentially exposing personal/geolocation data to the public.

5.3CVSS5.1AI score0.15895EPSS

CVE•added 2022/09/16 10:15 p.m.•64 views

CVE-2022-37251

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

5.4CVSS5.2AI score0.00157EPSS

CVE•added 2022/09/21 3:15 p.m.•61 views

CVE-2022-37246

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

5.4CVSS5.2AI score0.00151EPSS

CVE•added 2022/09/16 3:15 p.m.•59 views

CVE-2022-37250

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

5.4CVSS5.2AI score0.00111EPSS

CVE•added 2023/05/26 5:15 p.m.•56 views

CVE-2023-2817

A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions

5.4CVSS5AI score0.00155EPSS

CVE•added 2022/09/16 4:15 p.m.•49 views

CVE-2022-37248

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

5.4CVSS5.2AI score0.00111EPSS

CVE•added 2022/09/16 10:15 p.m.•48 views

CVE-2022-37247

Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.

5.4CVSS5.1AI score0.00144EPSS

CVE•added 2023/05/26 8:15 p.m.•48 views

CVE-2023-33197

Craft is a CMS for creating custom digital experiences on the web. Cross-site scripting (XSS) can be triggered via the Update Asset Index utility. This issue has been patched in version 4.4.6.

5.5CVSS5.4AI score0.00298EPSS

CVE•added 2023/05/26 9:15 p.m.•45 views

CVE-2023-33196

Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.

5.5CVSS5.3AI score0.00075EPSS

CVE•added 2024/09/09 5:15 p.m.•45 views

CVE-2024-45406

Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.

5.5CVSS5AI score0.00188EPSS

CVE•added 2024/01/30 9:15 a.m.•44 views

CVE-2023-36259

Cross Site Scripting (XSS) vulnerability in Craft CMS Audit Plugin before version 3.0.2 allows attackers to execute arbitrary code during user creation.

5.4CVSS5.4AI score0.00087EPSS

CVE•added 2017/06/08 1:29 p.m.•41 views

CVE-2017-9516

Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.

5.4CVSS5.2AI score0.00895EPSS

CVE•added 2017/05/01 6:59 a.m.•38 views

CVE-2017-8383

Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.

5.3CVSS5.2AI score0.00316EPSS

CVE•added 2017/05/01 6:59 a.m.•34 views

CVE-2017-8385

Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.

5.3CVSS5.2AI score0.00284EPSS

CVE•added 2021/03/26 3:15 p.m.•32 views

CVE-2020-19626

Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new.

5.4CVSS5.2AI score0.00232EPSS