Filtered by vendor Craftcms
Subscriptions
Total
47 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-31144 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 6.1 Medium |
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | ||||
CVE-2023-30130 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 8.8 High |
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. | ||||
CVE-2023-30177 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 6.1 Medium |
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | ||||
CVE-2023-23927 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 6.1 Medium |
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7. | ||||
CVE-2023-2817 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 5.4 Medium |
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively. | ||||
CVE-2024-37843 | 1 Craftcms | 1 Craft Cms | 2024-08-02 | 7.5 High |
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint. | ||||
CVE-2024-21622 | 1 Craftcms | 1 Craft Cms | 2024-08-01 | 5.4 Medium |
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. |