An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There are CSRF issues with the log-clear controller action.
CVSS: 8.8
AI Score: 8.7
EPSS: 0.001
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVSS: 5.4
AI Score: 5.2
EPSS: 0.001
The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.
CVSS: 9.1
AI Score: 9.2
EPSS: 0.002
CVSS: 6.1
AI Score: 6.2
EPSS: 0.001
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. CSRF affects comment integrity.
CVSS: 6.5
AI Score: 6.5
EPSS: 0.001
An issue was discovered in the Comments plugin before 1.5.6 for Craft CMS. There is stored XSS via a guest name.
CVSS: 5.4
AI Score: 5.1
EPSS: 0.001
An issue was discovered in the Comments plugin before 1.5.5 for Craft CMS. There is stored XSS via an asset volume name.
CVSS: 5.4
AI Score: 5.1
EPSS: 0.001