Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Magnolia-cms Security Vulnerabilities

cve
cve

CVE-2013-4759

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area...

5.8AI Score

0.005EPSS

2013-08-09 09:55 PM
24
cve
cve

CVE-2021-25893

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.

5.4CVSS

5.2AI Score

0.001EPSS

2021-04-02 12:15 PM
24
5
cve
cve

CVE-2021-25894

Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter.

6.1CVSS

5.8AI Score

0.001EPSS

2021-04-02 12:15 PM
27
5
cve
cve

CVE-2021-46361

An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload.

9.8CVSS

9.5AI Score

0.003EPSS

2022-02-11 09:15 PM
76
cve
cve

CVE-2021-46362

A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter.

9.8CVSS

9.6AI Score

0.003EPSS

2022-02-11 09:15 PM
70
cve
cve

CVE-2021-46363

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel.

7.8CVSS

7.9AI Score

0.001EPSS

2022-02-11 09:15 PM
62
2
cve
cve

CVE-2021-46364

A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file.

7.8CVSS

7.8AI Score

0.001EPSS

2022-02-11 09:15 PM
69
cve
cve

CVE-2021-46365

An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute XML External Entity attacks via a crafted XLF file.

7.8CVSS

7.5AI Score

0.001EPSS

2022-02-11 09:15 PM
78
cve
cve

CVE-2021-46366

An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users' credentials.

8.8CVSS

8.7AI Score

0.001EPSS

2022-02-11 09:15 PM
76
cve
cve

CVE-2022-33098

Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1CVSS

5.9AI Score

0.001EPSS

2022-07-07 07:15 PM
44
4