Product:

Craft_cms

(Craftcms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 47
Date Id Summary Products Score Patch Annotated
2021-09-30 CVE-2021-41824 Craft CMS before 3.7.14 allows CSV injection. Craft_cms 8.8
2019-06-18 CVE-2019-12823 Craft CMS before 3.1.31 does not properly filter XML feeds and thus allowing XSS. Craft_cms 6.1
2021-06-30 CVE-2021-27902 An issue was discovered in Craft CMS before 3.6.0. In some circumstances, a potential XSS vulnerability existed in connection with front-end forms that accepted user uploads. Craft_cms 6.1
2021-05-07 CVE-2021-32470 Craft CMS before 3.6.13 has an XSS vulnerability. Craft_cms 6.1
2021-03-26 CVE-2020-19626 Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. Craft_cms 5.4
2018-01-01 CVE-2018-3814 Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP code by using the "Assets->Upload files" screen and then the "Replace it" option, because this allows a .jpg file to have embedded PHP code, and then be renamed to a .php extension. Craft_cms 8.8
2019-12-31 CVE-2019-9554 In the 3.1.12 Pro version of Craft CMS, XSS has been discovered in the header insertion field when adding source code at an s/admin/entries/news/new URI. Craft_cms N/A
2019-10-24 CVE-2019-15929 In Craft CMS through 3.1.7, the elevated session password prompt was not being rate limited like normal login forms, leading to the possibility of a brute force attempt on them. Craft_cms N/A
2019-10-11 CVE-2019-17496 Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion. Craft_cms N/A
2017-05-01 CVE-2017-8383 Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder. Craft_cms 5.3