Crafter Cms@3.0.0 Security Vulnerabilities and Issues — Crafter Cms@3.0.0 CVE List

Lucene search

CraftercmsCrafter Cms3.0.0

6 matches found

CVE•added 2020/11/27 6:15 p.m.•95 views

CVE-2017-15681

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

9.8CVSS9.4AI score0.01976EPSS

CVE•added 2020/11/27 6:15 p.m.•93 views

CVE-2017-15683

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

8.6CVSS8.5AI score0.01918EPSS

CVE•added 2020/11/27 6:15 p.m.•90 views

CVE-2017-15682

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

6.1CVSS6AI score0.01409EPSS

CVE•added 2020/11/27 6:15 p.m.•86 views

CVE-2017-15686

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.

6.1CVSS6.1AI score0.00327EPSS

CVE•added 2020/11/27 6:15 p.m.•84 views

CVE-2017-15684

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

7.5CVSS7.5AI score0.03127EPSS

CVE•added 2020/11/27 6:15 p.m.•84 views

CVE-2017-15685

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

8.6CVSS8.5AI score0.02272EPSS