Craft Cms Security Vulnerabilities and Issues — Craft Cms CVE List

Lucene search

CraftcmsCraft Cms

8 matches found

CVE•added 2022/05/09 6:15 p.m.•82 views

CVE-2022-29933

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must sen...

8.8CVSS8.6AI score0.02008EPSS

CVE•added 2022/04/03 6:15 p.m.•81 views

CVE-2022-28378

Craft CMS before 3.7.29 allows XSS.

6.1CVSS6.2AI score0.00311EPSS

CVE•added 2022/12/05 9:15 p.m.•65 views

CVE-2022-37783

All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks....

7.5CVSS7.5AI score0.00457EPSS

CVE•added 2022/09/16 10:15 p.m.•64 views

CVE-2022-37251

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

5.4CVSS5.2AI score0.00157EPSS

CVE•added 2022/09/21 3:15 p.m.•61 views

CVE-2022-37246

Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label.

5.4CVSS5.2AI score0.00151EPSS

CVE•added 2022/09/16 3:15 p.m.•59 views

CVE-2022-37250

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

5.4CVSS5.2AI score0.00111EPSS

CVE•added 2022/09/16 4:15 p.m.•49 views

CVE-2022-37248

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

5.4CVSS5.2AI score0.00111EPSS

CVE•added 2022/09/16 10:15 p.m.•48 views

CVE-2022-37247

Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page.

5.4CVSS5.1AI score0.00144EPSS