Craftercms Crafter Cms

7 matches found

CVE
added 2020/11/27 6:15 p.m., 94 views

CVE-2017-15681

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

9.8 CVSS | 9.4 AI score | 0.01976 EPSS

CVE
added 2020/11/27 6:15 p.m., 92 views

CVE-2017-15683

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

8.6 CVSS | 8.5 AI score | 0.01918 EPSS

CVE
added 2020/11/27 6:15 p.m., 89 views

CVE-2017-15680

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

6.5 CVSS | 6.5 AI score | 0.00919 EPSS

CVE
added 2020/11/27 6:15 p.m., 88 views

CVE-2017-15682

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

6.1 CVSS | 6 AI score | 0.01409 EPSS

CVE
added 2020/11/27 6:15 p.m., 85 views

CVE-2017-15686

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.

6.1 CVSS | 6.1 AI score | 0.00327 EPSS

CVE
added 2020/11/27 6:15 p.m., 83 views

CVE-2017-15684

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

7.5 CVSS | 7.5 AI score | 0.03127 EPSS

CVE
added 2020/11/27 6:15 p.m., 83 views

CVE-2017-15685

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE). An unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

8.6 CVSS | 8.5 AI score | 0.02272 EPSS