Filtered by vendor Craftcms Subscriptions
Filtered by product Craft Cms Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-31144 1 Craftcms 1 Craft Cms 2024-08-02 6.1 Medium
Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4.
CVE-2023-30130 1 Craftcms 1 Craft Cms 2024-08-02 8.8 High
An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter.
CVE-2023-30177 1 Craftcms 1 Craft Cms 2024-08-02 6.1 Medium
CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name.
CVE-2023-23927 1 Craftcms 1 Craft Cms 2024-08-02 6.1 Medium
Craft is a platform for creating digital experiences. When you insert a payload inside a label name or instruction of an entry type, an cross-site scripting (XSS) happens in the quick post widget on the admin dashboard. This issue has been fixed in version 4.3.7.
CVE-2023-2817 1 Craftcms 1 Craft Cms 2024-08-02 5.4 Medium
A post-authentication stored cross-site scripting vulnerability exists in Craft CMS versions <= 4.4.11. HTML, including script tags can be injected into field names which, when the field is added to a category or section, will trigger when users visit the Categories or Entries pages respectively.
CVE-2024-37843 1 Craftcms 1 Craft Cms 2024-08-02 7.5 High
Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
CVE-2024-21622 1 Craftcms 1 Craft Cms 2024-08-01 5.4 Medium
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.