Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Craft_cms
(Craftcms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 47 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-05-19 | CVE-2023-32679 | Craft CMS is an open source content management system. In affected versions of Craft CMS an unrestricted file extension may lead to Remote Code Execution. If the name parameter value is not empty string('') in the View.php's doesTemplateExist() -> resolveTemplate() -> _resolveTemplateInternal() -> _resolveTemplate() function, it returns directly without extension verification, so that arbitrary extension files are rendered as twig templates. When attacker with admin privileges on a DEV or an... | Craft_cms | 7.2 | ||
| 2023-05-12 | CVE-2023-30130 | An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | Craft_cms | 8.8 | ||
| 2023-05-09 | CVE-2023-31144 | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | Craft_cms | 6.1 | ||
| 2023-04-25 | CVE-2023-30177 | CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | Craft_cms | 6.1 | ||
| 2022-09-21 | CVE-2022-37246 | Craft CMS 4.2.0.1 is affected by Cross Site Scripting (XSS) in the file src/web/assets/cp/src/js/BaseElementSelectInput.js and in specific on the line label: elementInfo.label. | Craft_cms | 5.4 | ||
| 2022-09-16 | CVE-2022-37247 | Craft CMS 4.2.0.1 is vulnerable to stored a cross-site scripting (XSS) via /admin/settings/fields page. | Craft_cms | 5.4 | ||
| 2022-09-16 | CVE-2022-37251 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | Craft_cms | 5.4 | ||
| 2022-09-16 | CVE-2022-37250 | Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | Craft_cms | 5.4 | ||
| 2022-09-16 | CVE-2022-37248 | Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | Craft_cms | 5.4 | ||
| 2021-06-30 | CVE-2021-27903 | An issue was discovered in Craft CMS before 3.6.7. In some circumstances, a potential Remote Code Execution vulnerability existed on sites that did not restrict administrative changes (if an attacker were somehow able to hijack an administrator's session). | Craft_cms | 9.8 |